Top COVID scams to look out for!
Since the start of the coronavirus pandemic, we have all come together to help one another. We have seen the very best in people but, unfortunately, it has also brought out the lowlife criminals who prey on our pockets and money. Action Fraud has reported that a staggering £4.6 million has been lost to coronavirus related scams since lockdown started.
These criminals are looking to exploit not just financial concerns but also health concerns by offering fake services and requesting payment upfront. They will try to collect personal information, bank details or offering high returns on bogus investments or pension transfers.
As the pandemic is going to be here for a while, these criminals won’t be going anywhere. That’s why we want to help you stay safe and to do this we have written up some tips and tricks to look out for on the most common scams. We’ve given a rundown of these below including, text message scams, email scams, online shopping scams, financial scam, telephone scams, business scams and even scammers pretending to be from the NHS Test & Trace.
Top COVID Scams to look out for!
Fake ‘test and trace’ scams
The Governments NHS Test and Trace service, which aims to offer people advice, who may have been in contact with someone who tests positive with coronavirus has been one of the most talked-about scams. Scammers are using it as an opportunity to gather personal information from you along with your hard-earned money. Trading Standards offices have warned about these scams which can come to you by phone, text or email!
The NHS has said that official Test and Traces communications will come in the form of a text from the NHS or a telephone call from 0300 0135000. Test and Tract staff will ask you for the following details:
- Your full name
- Your date of birth
- Your postcode
They will then offer you advice if you have come into contact with someone who has coronavirus symptoms. The Test and Trace staff will never ask for the following:
- Your bank details
- Any other details of other accounts
- Ask you to set up a password or PIN over the phone
- Request you call a premium rate number such as those starting with 087
- To download any software/app or to access a non-NHS or Government website
If it’s a genuine NHS text, they will ask you to sign in to the NHS test and Trace website. The details to log in would have been the account ID provided to you when signing up to the Track and Trace app. The only exception to this would be if you’re under the age of 18, the NHS Track and Trace staff would try to get in touch by a phone and ask to speak to a parent or guardian. They will then request permission the call with you. If you haven’t got any internet access or haven’t completed the online process, the NHS staff will contact you by phone with the details provided to the venue.
If you aren’t 100% sure if a call, text or email is genuine, or if you want to be extra cautious, do not click on the link. You should visit the Test and Trace Website. Alternatively, you are more than welcome to forward the email to [email protected], and we will be more than happy to help!
Text message scams
Text message scams are not as popular as they use to be, but they are still out there. They genuinely include a link to a fake but compelling website. This website looks exactly the real website. It will ask you to enter in personal information such as bank details, passwords or a credit card number. Once you’ve entered these details, the website will then redirect to the REAL website. Have a look at the below scam text received by a close friend of mine, what do you see that is wrong?
Take a look at the telephone number. It’s from a mobile number. If this is a genuine text from HSBC, it would say HSBC.
Take a look at the website link, it’s not an HSBC link, it does have HSBC in the URL, but the full link is for a website called payees-respond.com.
HSBC will never ask you to click a link in a text message. If in doubt, contact your bank from a different phone by using a telephone number that is their real website. They will never ask for your bank pin or the One Time Passcode on the authenticator or card reader they provide.
Fake texts claiming to be from ‘the Government.’
UK Finance (the banking industry body) and Ofcom (the communications regulator) are warning people of scam texts. These texts are from criminals that are claiming to be from official Government sources, issuing you a fake tax return or a fine for leaving your home. Neither of these is genuine so you can ignore and delete them. Please don’t be tempted to click on any links, even if you are curious.
Criminals are also using a technique calling ‘spoofing’, and this makes a text message appear to be from the Government and can make them appear in a chain of texts alongside any previous genuine messages that you have received from them. An example of this type of scam is pictured below from UK Finance.
Action Fraud has warned about some of the most common scams it sees that are being sent via email; these emails are known as ‘phishing’. Most of these emails will enter your Junk or Spam folder, but some do get through, and they are also compelling. You should be on your guard and question anything that seems too good to be true.
To make policing these scams easy, the NCSC (Nation Cyber Security Centre) has set up a Suspicious Email Report Service. If you think an email is a scam, then all you have to do is forward on the email to [email protected], making sure you don’t enter any additional information anywhere.
I’m in a meeting and can’t call scam.
One of the most common scams that we have come across in business is an email that is pretending to be your boss. Take a quick look at the image of one below:
We’ve hidden some data for GDPR reason, but you can see the main part of the email. It’s pretending to be from Asim, but the email has nothing to with Asim in the slightest. It also doesn’t have good Grammar or English. They mention they can’t talk on the phone and ask if you’ve received a text, then go on to say to reply with your phone number so they can text you right away.
On this particular impersonation, it stated at the bottom that it was “sent from iPhone”. The person they were to trying to impersonate doesn’t have an iPhone both personnel or business use, and luckily this user picked up on it straight away. Very similar emails have also been sent just like the above. If you’re unsure if an email is genuine from someone in your organisation, you should email it to your IT Support department or contact that user directly.
Fake requests for payment to access Covid-19 info
These type of requests for payments claim to be from large research organisations such as the World Health Organisation (WHO) and the Governments Scientific Advisory Group for Emergencies (SAGE). They may mention that they can provide you with a list of people in your area who have been infected with the coronavirus. They will say that you need to click on a link and make a payment or donation in cash or Bitcoin to access the information.
Here’s an example of these emails:
Fraudulent articles and coronavirus alert services
These articles or alert services may look genuine, but they will take you to a fake company website where you may be required to subscribe to a daily newsletter. These are data harvesting websites and show that your email address is active, it is then added to a list and sold on the dark web to other scammers. We’ve also seen fake notification apps which once installed injects some software called malware, this software then infects your phone with ransomware and then blocks it entirely until you agree to pay a sum of cash in the form of bitcoin. These types of ransomware attacks are also used on large companies, including the healthcare industry and can shut down entire networks.
Just look at this article from the BBC from 2017 when the NHS was shut down by ransomware with a demand of a lump sum of cash. You can view the article by visiting the BBC Website
Fraudsters are sending investment and trading ‘advice.’
These criminals will encourage you to take advantage of the coronavirus by making investments in stocks and shares; these stocks and shares are not genuine and can result in substantial financial losses. It would be best if you were extra vigilant on any investment and we would recommend you contact a Financial Advisor for further advice.
Fake ‘HMRC’ tax refunds or demands for tax payment
Most people are fully aware that HMRC will never text, call or email you about a tax refund, they will always send you a letter stating you are due a tax refund and a couple of days later, you’ll receive details of that refund.
There are still emails being sent by these cyber criminals that direct you to a fake website. This website will then collect your personal and financial details. The website looks very convincing and often display the HMRC or Gov.uk logo. There have also been reports of similar communication which offers council tax refunds.
Here are some examples of these emails:
Scam ‘competitions’ and ‘free vouchers’
Another common scam that was in play even before the pandemic is dodgy emails offering a ‘gift card’ or a fake competition. These usually claim to be from large well-known supermarkets and brands. The cybercriminals have now started to use Covid-19 to draw victims in. They say that they are giving you the change to win a gift card or free shopping for a year. The real truth is that they are data harvesting your information for the dark web.
Fake ‘TV licence’ bills and other subscriptions
The layout and result of these scams are very similar to the HMRC ones mentioned previously and don’t generally relate to the pandemic. They claim about unpaid bills, subscriptions and TV licences.
There have been over 200 reports of a terrible version of a TV licencing’s scam according to Action Fraud. It claims that the direct debit has failed, and they need to pay NOW to avoid prosecution. It then mentions that they are eligible for a “Covid19 Offer”, this offer is six months free. The email or text message then contains a link which sends you to a genuine-looking website which has been designed to steal personal and financial information.
If you aren’t sure if an email you’ve received about your TV licence is genuine, do not click links in the email. Instead, independently get in touch with TV Licensing through its official website. Alternatively, you can use its contact form or call 0300 790 6130.
Online shopping scams
Action Fraud has said that most of its reports that it has received are related to online shopping scams. This is where people have ordered protective face masks, hand sanitiser and other PPE but, it never arrived. Always purchase from a reputable company, if in doubt, search the internet for reviews.
Popular ‘lockdown items’ for sale that don’t exist
During the lockdown, many of us have been stuck at home, on furlough or working from home where possible. According to Action Fraud, more than £15m has been lost to scams in the online shopping trend. People aged 18-26 have been the ones most at risk. Many have purchased something that does not exist or never arrives. Always buy from a reputable company, if in doubt, search the internet for reviews.
Post-lockdown travel traps
Although lockdown isn’t as tight as it was back in March and the country now using a tiered approach, scammers are now targeting things that all of us have been missing the most…. Holidays and travel!
Cheap travel deals
Fake websites have been set up, which can seem extremely convincing. They use images of luxury villas or hotels and offer a considerable discount. The scammers will then require a deposit to be made, which is never returned. We’ve known people actually fly out to said villa and be stuck abroad with nowhere to stay because of scams like this. We would recommend that you use a reputable travel agent or site if going on holiday!
Holiday cancellation refund scams
As more and more holidays are getting cancelled due to the pandemic and quarantine restrictions, scammers are using this as an opportunity to defraud you of your money. They include such attempts as:
- Fake emails from ‘refund claim companies’
- Callers pretending to be from a holiday company or your bank
- Fake social media accounts for ‘holiday companies’ which claim to be customer services
If you do need to get in touch with your travel, you should call them from a number you have saved in your phone, or a number that is available on their website.
If your trip has been cancelled, visit MSE’s Coronavirus Travel Rights guide for full information on refunds and more.
The National Trading Standards, along with the Chartered Trading Standards Institute, have put out a warning to people about different ways that scammers will approach you at home. Do not open your door to these people, if you do answer the door to someone you weren’t expecting, keep the door on a chain.
Shopping for elderly people
These scammers have no empathy and target some of the most vulnerable people in society. They claim that they are trying to help and offer to go shopping on the victim’s behalf. They take a shopping list and the money but never return.
Doorstep and driveway cleaning services
Someone might turn up at your door offering to clean your front doorstep or driveway. They may claim it’s going to kill off bacteria and help prevent the spread of coronavirus, which of course is not backed up in any way.
Bogus offers of Covid-19 ‘home testing.’
Although you can order a home test from the NHS, these scammers are knocking on people’s doors saying they are from the NHS. They claim to be able to test you for the virus for a small fee. The Government and NHS will not test for coronavirus out of the blue at your front door.
Almost all the scams that we have spoken about so far can also take place over the phone. This could be from someone pretending to be your bank, selling fake items or pretending to be from a Government body. There are some other telephone scams that you should be aware of:
Fake utility companies
These types of calls are about your essential bills. They threaten you by saying your electric or gas will be cut off as there is an outstanding debt. They will mention the police and taking you to court unless you pay. One way to catch out a scammer is to ask for their name and say you will call back on the number on a letter. If it is a legitimate company, they won’t mind.
If you can call from another phone such as mobile, we would recommend this. This is because some scammers that call landlines will stay on the phone while you try to dial the company’s number. They then trick you into thinking you’re through the real company.
Scams targeting small businesses and the self-employed
This is one of the most popular scams in the business industry. With more people working remotely, scammers will attempt to be from well-known companies and offer to repair your IT system. They will ask you to visit a website which then gives them access to your computer. Once they have access to your computer, they will steal your passwords, logins and other important information on the hard drive.
They may also play on the authority of a chief executive or senior manager, or say they are a regular supplier, asking for urgent payment to a new account.
Financial services scams
Regulator the Financial Conduct Authority (FCA) is warning of several other known scams capitalising on consumers’ short-term financial concerns.
Scammers who ask you to hand over an upfront fee
You may see in your inbox that you’ve been accepted for a loan which is to be repaid over 24 months. They will say you need to pay a sum of £25 for loan insurance before it can be sent over. They will request payment in the sum of an Amazon Gift Card. Anyone that asks you to make a payment with Gift cards is most likely a scam and should be avoided.
Since the pandemic started the stock markets have dropped, scammers will say this is the best time to invest or transfer existing investments, including your pension. Interest rates are low, buy stocks at a low rate, wait five years and watch your money grow. This is how these scammers work. The FCA is urging savers to take their time when thinking about investing any of their money. If you are thinking about investing your money, you should contact an independent financial advisor.
Fake help claiming lost money
They may also attempt to contact you and claim to be from a claim’s management company, insurance provider, or even a credit card provider. They sound confident in what they are talking about and say they can help you claim losses from a holiday or event. They will request that you send them your bank details to start the claim proceedings, once the details have been handed over, they will then empty your bank account.
Bank money transfers
These come in the form of cold calls, emails, texts or WhatsApp messages stating that your bank is in trouble due to the crisis. They may push you to transfer your money to a new bank with alternative banking details.
Top tips to protect yourself from scams
There are some cybersecurity steps that you can take to spot scams and prevent scammers from getting your money. Not all of these tips are fail-safes and are guidelines to help keep you safe.
Question any uninvited approaches
Be extra cautious if someone approaches you in person and attempt to sell you something that you haven’t requested or signed up for. You should also be very suspicious if anyone asks you to make payment upfront.
Don’t click links in emails/texts
If you’ve received a text or email that contains a link or number, don’t click or call. It will take you to a fake website. If you call the number, it could be a premium number and cost you a lot of money. If you’re genuinely concerned about a message or email you’ve received, go and find the number of the company online or from their website and ask them yourselves
Check the URL or email address
Always check the website address or full email address of the sender. Even if it looks like the correct address it could still be a scam and clicking on it, could take you to a fake website. If in doubt about a link, hover your mouse over the link/hyperlinked text, and it will show you the real URL.
Look carefully for dodgy spelling and Grammar
Larger retailers and banks will spend a lot of time and money, creating any emails they do send. A couple of different people will proofread these emails to eliminate bad Grammar, spelling mistakes and dodgy punctuation.
Avoid the rush
If you’re being rushed to purchase an offer or product, take a step back and think. Most scammers use this tactic to get your money quick and fast. They will also tell you that your money isn’t safe, and you need to move it to another account as soon as possible. When it comes to your money and finances, only the criminals will panic you! All banks in the UK will never ask you to send money to another account under any circumstances. You can read more about this by visiting your banks’ website.
Pay on credit or debit card
Like most people nowadays, we purchase stuff online all the time and pay using our credit or debit card. If you’re buying from a new online shop that you haven’t used before, be sure to check for a Green Padlock in the address bar. This means the contents are encrypted, and any data you enter will be encrypted, such as credit or debit cards and personal information. If the item is over £100 and you pay by credit card, you can use your Section 75 legal protection, which effectively means your credit card provider is jointly responsible if something goes wrong.
If you paid on a debit or prepaid card, or under £100 on a credit card, you could try using your chargeback protections – this is a voluntary agreement from card providers which could also help to get your money back.
If it sounds too good to be true, it probably is
Last of all, if you’ve been searching the web and found a product that’s the cheapest you’ve seen, or you’re promised fast cash, we’re sorry to say, but it’s most probably a scam. You should always seek independent financial support from a trusted financial provider.
If you’re concerned about being scammed and need help, you should first contact your bank and freeze any cards or payments you may have. You should then report it to Action Fraud.
If you’re a business and would like to offer Cyber Security Training to your staff you can contact us on 0330 229 1384 or email [email protected] to speak to one of our experienced team. We also created a few weeks ago on Covid scams, you can view the video below: