Blog

Coronavirus: Scams to watch out for

Amidst the COVID-19 outbreak in the UK, many of us are concerned about what will happen next. However, many scammers see it as an opportunity to profit.

There was a 400% rise in fraud related to COVID-19 in March 2020 according to Action Fraud. Between 1 February 2020 and 18 March 2020, Action Fraud has received 105 reports from victims of COVID-19 related frauds, with losses totalling close to £970,000.

We are sharing six of the many on-going scams in the UK. We would like to urge you to read the document and avoid yourself and your family falling victim to phishing scams.

1. HM Revenue & Customs (HMRC) - COVID 19: Tax rebate
The email has been issued in various formats. Do not reply to the email and do not open any links in the message. 

2. HMRC – COVID 19, SMS scam
Goodwill payment SMS: This is an example of the SMS scam: ‘As Part of the NHS promise to battle the COVID- 19 virus, HMRC has issued a payment of £258 as a goodwill payment. Follow link to apply.’.

‘£35 fine’ SMS: Do not reply to the SMS or call the phone number listed. 

3. COVID 19 holiday refund scam:
North Tyneside Council and a couple of other councils have also raised the alarm about several shady schemes including fake holiday refunds for individuals who have been forced to cancel their trips. Please, do not click on any such links or attachments.

4. Department for Education - Free meals scam:
Many parents have received an email stating the following message: ‘As schools will be closing, if you’re entitled to free school meals, please send your bank details and we’ll make sure you’re supported’. This is a scam email.

5. Fake communication from local councils:
Some councils have issued a warning about a scam message offering residents a payment “as part of its promise to battle COVID 19”. The link takes you to an official- looking (but fake) gov.uk page that asks you to enter your card details, including your security number. 

6. Phishing attacks against businesses
Recently, Sky news came across a copy of an email scam sent to several organisations that pretends to be from each firm's internal IT team. The email - which has the subject "ALL STAFF: CORONA VIRUS AWARENESS" - tells employees that "the institution is currently organising a seminar for all staff to talk about this deadly virus", and asks them to click on a link to register. 

The link takes anyone clicking on it to a third- party website disguised as an Outlook web app. Anyone who fills in that form ends up giving their details to the hackers. 




How can you spot a scam?

Broadly the things to watch out in emails and other messages are:

  1. Assume that all emails about financial matters are a scam unless you are absolutely sure that they are legitimate. Don’t click on links, download attachments or provide any personal information. If in doubt, ring the provider using the number you find on their website
  2. Look at the email address used to send you the email - are there any typos or is it a selection of numbers? Some of these can be quite sophisticated but the sender’s email address should exactly match the domain of the company they claim to represent. For example, verified email should be from noreply@notificationshmrc.gov.uk.com and not noreply@notificationshmrc.com or noreply@notificationshmrcgov.com - subtle, but very important differences
  3. Spam email subject or body usually contains poor grammar or spelling errors. Beware if you are addressed impersonally or oddly
  4. Your bank or the police will NEVER ask you to transfer money or move it to a safe account.
  5. For corporate incidents, notify the IT incident team by sending the spam email as an attachment. No legitimate organisation will contact you from an address that ends ‘@gmail.com’, not even Google.
  6. Never click on links which asks you to verify/update personal or sensitive information. Hover over the link before clicking it. This will show you the actual address of the link
  7. Do not open attachments unless you are confident that it is from a genuine source. Even then beware of anything suspicious
  8. Check for https in the URL and security padlock for security certificate
  9. For shortened URLs, enter shortened bit.ly URL in browser with + at the end. This will give you information about the site that the shortened link refers to.
  10. Cross-check emails which are reported by mailbox (Gmail/outlook) service provider as unsafe. Check if the message creates a sense of urgency, warnings, offers or threats. To check the authenticity of an email, please research the claim/benefit/rebate that the email sender seems to be claiming about. For example - if an email states that Department of Work and Pensions (DWP) is offering you a rebate against non-consumed food meals, please go on DWP website and search for relevant information or policy.

Find out more about Covid-19 scams from the FCA here.