Updated Coronavirus Fraud Briefing – 24 March 2020.

Latest picture from Action Fraud/NFIB

The first report relating to Coronavirus, or COVID-19, was received on 9 February. There were 20 more reports that month. Since then, there have been 46 reports between the 1 March and 13 March, 38 reports in just four days (14 March – 18 March) and 84 reports between 19 March and 22 March.  
In total this is 189 reports but includes reports from people who have lost money and also ‘information reports’ where people have seen a scam but not suffered a financial loss.


What scams are we seeing?

The majority of reports are related to online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived.

Other frauds being reported include ticket fraudromance fraudcharity fraud and lender loan fraud.


Phishing emails

We have also received over 1,000 reports of coronavirus-themed phishing attempts – the majority of which are emails. These communications try to trick people into opening malicious attachments which could lead to fraudsters stealing people’s personal information, email logins and passwords, and banking details.

Some of the tactics being used in phishing emails include:

• Fraudsters purporting to be from a research group that mimic the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area but to access this information the victim needs to either: click on a link which redirects them to a credential-stealing page; or make a donation of support in the form of a payment into a Bitcoin account.

• Fraudsters providing articles about the virus outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates.

• Fraudsters sending investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn.

• Fraudsters purporting to be from HMRC offering a tax refund and directing victims to a fake website to harvest their personal and financial details. The emails often display the HMRC logo making it look reasonably genuine and convincing. We have also had reports of people receiving similar text messages.

You can see examples of these phishing emails here: https://twitter.com/actionfrauduk/status/1240911363167391744


What are we expecting to see going forward?

Any number of frauds could increase as more people work from home and vulnerable, elderly people self-isolate.

The NFIB have suggested, based on the MO of fraudsters, that the following fraud types could increase during the COVID-19 outbreak:

  • Online Shopping and Auction Fraud – more people at home socially distancing increases the number of people online shopping through necessity but also the fact they have more time on their hands to browse the internet.
  • Computer Software Service Fraud – more people working from home will increase demand on IT systems causing slower responses and making some scripts seem more believable.
  • Lender Loan Fraud – there are already media reports circulating about parents concerned that they may not be able to feed their children if they are not at school and those who will be made redundant or self-employed receiving a much reduced income with potentially the same or increased living costs. This may mean people look to quick loans to see them through.
  • Mandate Fraud – with more people working at home, it may be easier for fraudsters to impersonate senior decision makers, with seemingly valid reasons why they cannot be contacted, and request a change in direct debit or standing order payments.
  • Investment Fraud including Pension Liberation Fraud – fraudsters could take the opportunity to create bogus investments in commodities in high demand, for example oxygen, and if people are worried that they might not have enough money to see them through this financially uncertain time, they may be more prepared to invest.


Protection advice

Detailed counter fraud advice is available online, including from Scamsmart, ActionFraud, CIFAS, TakeFive, Citizens Advice, Trading Standards and the National Cyber Security Centre.

Reporting to Action Fraud can be done online at https://www.actionfraud.police.uk or by calling  0300 123 2040.

To report offers of financial assistance from HMRC contact [email protected].


Advice for businesses

Mandate Fraud

Verify: If you receive a request to move money into a new bank account, contact the supplier directly using established contact details, to verify and corroborate the payment request.

Internal processes: Establish robust internal processes for handling changes to payment details. For example, only designated employees should be able to make changes to payment arrangements.

Sensitive information: Invoices, payment mandates, and other documents containing sensitive financial information should be stored securely and only be accessible to those staff that need them to perform their duties. Sensitive documents should be shredded before they are disposed of.

If you have made a payment: Inform your bank as soon as possible, they can help you prevent any further losses. Monitor your bank statements regularly for any unusual activity.