The upheaval and confusion generated by Covid-19 is being used by cyber criminals to scam. They’re exploiting the circumstances created by the virus’ spread to facilitate successful fraud.
Certum prioritises the wellbeing of staff and clients. We’ve outlined some of their methods to remind you to practice vigilance.
This is occurring across numerous channels:
Text messages
Be aware of texts which falsely claim employees are due money or don’t need to pay taxes.
HMRC never addresses matters of tax in this way. Clicking the links provided takes you to false websites asking you to input financial data. Our advice is to contact the relevant authorities to inform them of the situation, not click anything you’re unsure of and under no circumstances provide financial data to an unreliable source.
Invoice Redirection
This is achievable via email or phone call. Fraudsters pose as an associate creditor or supplier and tell you their company’s bank details are changing due to the virus outbreak. The communication asks you to make all future payments to a new sort code and account number.
Again, this kind of interaction is not carried out using these methods by the official authorities and is not reliable. Practice caution in these trying times and be extra vigilant. Even the slightest cause for suspicion should be acknowledged. Our cyber-security advice is to ignore the email if that is the method used. Similarly, politely leave the call before getting in touch with said company to alert them of the situation.
Standard phishing emails
It’s widely recognised that click-bait emails are untrustworthy. However, this is just another area for fraudsters to take advantage at the moment. In the sensitive climate emotions are running high. People are vulnerable to clicking links which claim they’re from government or medical official agencies.
Observe sone examples supplied by BBC News, ‘Coronavirus: How hackers are preying on fears of Covid-19′, at the following link: https://www.bbc.co.uk/news/technology–51838468
These scams are claiming to have ‘new information’ on the virus, asking for donations to help find a cure and assist those affected. While it seems outrageous that people would go to these lengths it is the sad reality. Again, we ask you to remain firmly vigilant to protect yourself from cyber-security fraud.
Phone Fraud
Similarly, awareness of phone calls related to Coronavirus subjects is necessary. These are most commonly claiming to be from banks, police, doctors, hospitals and so on. We stress again that official authorities never contact via phone to discuss financial matters. Neither do they ask for data over the phone without relevant documentation.
While everybody wants to contribute to fighting the virus, it’s an individual’s responsibility to take care of their data-security. Our aim is to stress the importance of this and provide you with relevant guidelines to navigate such situations.
Overall
Remote working policies in place are making things harder. You’re not immediately surrounded by those you’d usually confirm security suspicions with. This means you’re more vulnerable to automatically interacting with calls/emails you’d normally ignore.
The standard security rules reiterated throughout apply. Don’t click links, open attachments or provide data unless you are 100% sure sources are legitimate.
Finally,
Standardised remote working means it’s inevitable fraudsters will attempt to claim they’re from your IT company. Please familiarise yourself and all staff with how your IT company access your systems. This way you know if requests come through that may be fraudulent, as they’re out with protocol. Therefore, you’re prepared to have your IT company identify themselves as the ones who reached out before allowing remote connections.
We cannot stress enough to please just pick up the phone and get in touch if you receive any emails about invoice payments or those asking you to log into portals. Your IT company can reduce any risk by confirming that they are in fact from who they say they are, or otherwise.