A look at how criminals have exploited the pandemic - Cyber and Fraud Centre

Graham Bye, Cyber Resilience Consultant aligned to SBRC, takes a look at the most common cyber scams and threats we faced since the pandemic began.

This piece was recently featured in the Retired Police Officer Association Scotland (RPOAS) magazine.

We live in an ever-changing world and the Coronavirus pandemic has accelerated the pace of digital transformation, with Scottish business and society relying as never before on digital and online technologies.

While everyone is worried about the impact of Coronavirus, cyber criminals have seen this as an opportunity. In emails, texts and on the phone, they offer free or reduced products or financial rewards, or encourage you to donate to ‘worthwhile’ causes.

Like many scams, criminals are exploiting real-life events and current news stories to trick you into parting with hard earned money or personal information.

I have been working closely with Scottish Government, Police Scotland, the National Cyber Security Centre and others at SBRC to highlight the trending scams that have come to light during the pandemic and what to look out for to prevent falling victim to these crimes.

Emerging scams

In April 2020, we saw the emergence of the first Coronavirus scams, including the promotion of misleading information about the pandemic, contact tracing scams and the sale of counterfeit PPE and medical products. Some even claimed to have a ‘cure’ for the virus. Recently, there have been reports about phone and text scams related to the coronavirus vaccinations.

The message or text tells you that you have been selected to receive the vaccine and prompts you to press a number or click on a link to arrange a booking. You are then asked to give personal information and financial details to book your appointment.

The vaccination is free, so if you are offered it at a price, it is likely to be a scam. People have experienced issues obtaining refunds for travel and event cancellations. Some scammers posed as staff from travel companies to try and glean personal information, while others took advantage of the increase in ‘staycations’ and advertised fake rental accommodation online.

Cyber criminals, often with fake profiles, have been exploiting lonely victims during lockdown, particularly through online dating sites, to steal and extort money. There was also the emergence of fraudsters offering pets for sale, taking significant deposits before disappearing with the money.

A common trick scammers use is to send a fake email or text pretending to be from your bank or another organisation you trust.

These scams will often offer financial support, grants, relief payments or tax reductions to help during the pandemic and will try to convince you to click on a link to visit a website and log in with your account details. The website looks legitimate, but is fake, set up by criminals to steal your passwords and personal information.

A phishing campaign telling customers they can claim ‘for the third grant’.

Over the phone, the approach may be more direct. A common scam advises a customer that there has been a problem with their bank account and asks them to urgently transfer money into a ‘safe’ account.

During lockdown restrictions, people switched to online shopping which led to a surge in delivery scams with people getting emails claiming to be from Royal Mail and others, indicating that they are unable to deliver a parcel. Victims are encouraged to click on links which download malicious software or submit a payment due to numerous failed delivery attempts.

Whilst all this sounds worrying, the good news is that there is plenty practical advice and guidance available.

Here are a few simple tips:

Always question unsolicited calls, texts or emails. Do not give any personal information to people before verifying who they are. If you receive cold calls or texts, do not press 1 or follow any other instructions given in an automated message.
Remember that banks and financial institutions will not send you an email asking you to click on a link and confirm your bank details.
Choose carefully where you shop. Make online payments only on secure websites (check the URL bar for the padlock and https) and use secure connections (avoid public Wi-Fi). Use a credit card where possible as most major credit card providers insure online purchases.
Contact your bank IMMEDIATELY if you think you have made a payment to a scammer or if you are worried that a fraudulent transaction has been made from your account. Use the phone number on your bank statement (don’t use a number given to you by a cold caller). To ensure that you are disconnected from the cold caller, phone another number before phoning your bank or call them from another phone.
Think about what you share on social media, such as date of birth or names of family members or pets you use in your passwords. Criminals can use publicly available information to steal your identity or use it to make fake emails more convincing.
Make sure your passwords are strong and keep them safe. Using three random words is a good way to create a strong password you can remember. You can also combine with capital letters, numerals and symbols.
Enable TWO FACTOR AUTHENTICATION to help stop hackers getting into your account, even with your password. This is done through asking for additional information to prove your identity such as a special one-time code sent to your mobile phone.

You can visit the National Cyber Security Centre for more tips to improve your online security: https://www.ncsc.gov.uk/cyberaware/home

Finally, the Scottish Government CyberScotland Bulletin provides news of the latest cyber threats, scams, news and updates with advice and guidance from trusted sources.

Remember, if an offer sounds too good to be true, then it’s probably a scam!

22.04.21