Globally, the number of infections and, tragically, deaths resulting from COVID-19 (Coronavirus) is increasing daily, and there is almost universal concern amongst people for their own health and that of their loved ones and communities. News bulletins, your email inbox and social media conversations are, understandably dominated by the subject.
Get Safe Online CEO Tony Neate is voicing serious concerns about the threats posed by the current situation online, quite apart from the physical dangers to our health, and widespread disruption caused by business closures, travel bans and enforced and self-imposed isolations. “Whenever there’s a crisis, you can be certain that there will be a rash of scams exploiting the situation. Sadly, Coronavirus is no exception.
“At Get Safe Online, we’ve heard about a number of scams, from fake news to people offering vaccines. Even with my long career in cybersecurity, it never fails to amaze me how low some people will sink to exploit innocent people’s uncertainty and misery.”
In common with most other crisis situations, criminals are using emails, text messages, social media posts, online advertisements and phone calls to defraud their unsuspecting victims. The scams that we have heard about to date include:
– Fake calls, emails and text messages claiming to be from NHS test and trace staff, requesting payment for a COVID-19 test, confidential details or asking you to visit a fake website which either captures your personal details or results in a malware infection
– Fakelinks to Microsoft Teams and Google Meet, in addition to similar, more highly publicised fake links to Zoom
– email purporting to be from your employer asking for personal details as part of you returning to work
– fake advertisements on social media and pet sales websites advertising pets that do not exist, including requesting deposits and fees for transport and vaccinations
– email purporting to be from the supermarket chain Iceland, advertising priority delivery slots for vulnerable customers
– Phone calls purporting to be from your bank offering to collect money as a service to vulnerable people. Cards have been collected and funds withdrawn.
– email entitled “You are infected”, in which you are asked to download an Excel attachment and proceed to the nearest emergency health clinic for testing. The Excel document is infected with malware.
– A huge increase in the number of blackmail emails claming that the sender has detected you viewing porn, and demanding a ransom to avoid this being revealed to youir contacts. These sometimes quote a password you do or have used, but you should not respond or pay, as they have nothing on you.
– emails specifically targeting the elderly, selling pre-paid funerals and Power of Attorney services
– emails purporting to be from a major retailer (including Tesco and Argos) offering free vouchers to help support people during the outbreak. The emails feature a fraudulent link.
– emails offering Coronavirus insurance cover, or thanking you for purchasing insurance and providing a link to your ‘documents’. You cannot buy insurance against Coronavirus.
– emails, social media posts and texts advertising Coronavirus testing kits for home use and for use by businesses to test their workforce. These do NOT exist.
– emails telling you that you have been fined for not observing lockdown rules
– emails and other messages claiming to be from the Department of Education, offering free school meals whilst schools are closed, and requesting bank details
– Fake advertisements for protective masks
– Fake advertisements for sanitising gel
– Fake advertisements for vaccines (these do not currently exist)
– Someone selling Coronavirus ‘cure’ online that actually contained harmful chemicals
– Links to fake / sensational news, photos and video and unorthodox ways to gain protection, in reality designed purely to spread panic, gain clicks and sell newspapers.
– Appeals from fake charities (either with made-up names, or fraudsters impersonating real charities) for donations
– Fake text messages offering NHS and other frontline employees tax refunds from HMRC to say ‘thank you’ for their efforts
– Fake emails, texts or posts offering Coronavirus diagnoses
– Online maps of Coronavirus geographical hotspots, which infect your device with malware
– Phone calls and emails offering high return, low risk investments
– Phone calls and emails urging you to take money out of your pension pot, or transfer your entire savings to a higher return, lower risk option
In the case of the fake advertisements, hopeful customers make payments for the items, often by bank transfer, never to see the products they have ordered, nor their money, ever again. The links and email attachments generally lead to fraudulent websites which request your confidential details, or malware infections on the computer or other device you use to view them.
Neate explains why it is so easy for fraudsters to operate under the current circumstances: “It’s a double-whammy: most of us are understandably concerned or at least uncertain about what’s going to happen in the short to medium term. This means that we might tend to drop our guard, and exercise less caution than usual when carrying out everyday tasks online.”
Our expert advice
– Do not get tempted into ordering Coronavirus-related products online, especially if it calls for payment by any means except credit card (which normally affords additional protection).
– Do not believe in everything you read, but instead get your up-to-date Coronavirus advice from official sources such as:
– Check the authenticity of charity appeals
– Be wary of approaches from supposed travel agents, tour operators, airlines, cruise companies, insurance companies or compensation firms promising to deal with refunds on travel, accommodation and event entry. If in doubt, call companies you have been dealing with, on the phone number you know to be correct.
As a result of the current situation, almost all businesses have sent their employees home to work unless it is impossible to do so, and in an essential sector. Business owners are urged to provide training and advice on how to work remotely without compromising the safety and security of companies and their networks, data and devices. Tony Neate added this warning: “Don’t assume that your staff are necessarily up to speed on working safely at home … it’s a very different environment from the relatively secure systems and processes to be found in many offices. We have very comprehensive, easy to follow advice at getsafeonline.org/business.“