5 COVID-19 scams your organisation should be aware of (and how to prevent them)
Posted in: Supplementary Articles NI on 20 May 2020
With the COVID-19 pandemic gripping the world, your employees are likely to be spending significantly more time online.
But the overwhelming amount of news coverage surrounding the virus has created a new risk…
With large numbers of employees working from home, cyber criminals are taking advantage of the disruption, capitalising on the uncertainty to scam unsuspecting employees into handing over sensitive data and money.
Bogus callers, fake online stores and online and telephone frauds are just some of the scams that the general public should be wary of.
But what scams should each employee in your organisation be aware of?
We have pulled together information and resources to keep you up to speed on the types of scams out there during this uncertain period, along with examples of online scams (what has been in the news and what a scam looks like). More importantly, we will provide you with tips on how to protect yourself and your employees.
Types of scams
1. Invoice Scams
A business may be contacted out of the blue by someone claiming to be from a regular supplier. They state that their bank account details have changed and will ask you to change the payment details. Fraudsters are taking advantage of the current uncertainty, which is why this type of fraud is popular now.
Always call an existing supplier on a confirmed telephone number to make sure any demand of this nature is genuine.
2. CEO impersonation scams
A sophisticated scam that plays on the authority of company directors and senior managers. An employee receives a phone call or email from someone claiming to be a senior member of staff – they ask for an urgent payment to a new account and instil a sense of panic. Scammers may even hack a staff email account or use spoofing software to appear genuine.
Be wary and alert for any unexpected urgent requests for payment and always check the request in person if it’s possible.
3. Tech support scams
With more people working remotely and IT systems under pressure, criminals may impersonate well-known companies and offer to repair devices. Criminals are trying to gain computer access or get hold of passwords and login details. Once they have access, criminals can search the hard drive for valuable information.
Always be apprehensive of cold callers. Genuine companies would never call out of the blue and ask for financial information up front.
4. Coronavirus ‘advice’/ Government grant/tax refund scams
Criminals are pursuing new approaches to profiting from a global pandemic. As expected, the number of phishing and smishing attempts has been on the rise recently, as cyber criminals target an already uncertain and vulnerable society.
A business is contacted by phone, email or post by imposters claiming to be from a government or medical organisation. For example, the scammer will suggest the business might qualify for a special COVID-19 government grant or a tax refund. Variations on the scheme involve contacts through text messages, social media posts and messages. They will in some cases request the receiver to click on a link or download an attachment. You may also be asked to provide bank account or login details.
Organisations should be vigilant about unexpected urgent communications offering financial assistance. Check that the information is genuine and from a trustworthy source by using official government websites.
5. Fake Invoices/Suppliers
Cyber security criminals are mindful of the massive demand for health products during the COVID-19 crisis. Many companies will search for new suppliers to meet the current demand.
Fake websites and social media accounts are being created by cyber criminals, promoting face masks, ventilators, hand sanitisers, home cleaning products and more.
Cyber criminals will capitalise on this and offer bulk buying of the product, at a very hefty cost. These scammers will take the money and your personal details, and fail to deliver the products.
Only work with a reputable supplier and purchase based on previous experience with the supplier.
Investigate the new supplier by carrying out as much research as possible, for example by reading reviews. Call the numbers they provide if necessary and use business registration sites for proof of legitimacy.
Examples of online scams that made headlines
- The BBC reported in April 2020 on a multi-million-euro coronavirus mask scam. The alleged scam began after a German company tried to buy 10m masks, valued at about €15m (£13m), from online suppliers. The German buyer placed an online order on a fake Dutch website. Fraudsters put the buyer in touch with an Irish "intermediary", police say. The German firm then made a down payment of €1.5m into an Irish company’s bank account, based in County Roscommon, for masks that were not delivered.
- A story published recently by the Irish Examiner reported that a businessman was attending a medical appointment. While he was there, his wife received an email that appeared to come from him, asking her to transfer €30,000 to a bank account in Germany. His wife carried out the transfer, believing the email from her husband was genuine. Later that evening she told her husband the transfer had been successful. They then realised they had been scammed and defrauded of €30,000.
- A recent RTE story reported that a European business seeking to buy alcohol gels and protection masks transferred €6.6m to a company in Singapore after being conned by a fraudulent email. The goods never arrived.
Fake emails/website scams to be wary of
The National Cyber Security Centre (NCSC) reported that the UK public flagged more than 160,000 suspicious emails leading to the removal of over 300 fake websites. The scams were reported to the UK's pioneering new Suspicious Email Reporting Service. Emails reported to the National Cyber Security Centre, a part of GCHQ, include callous attempts by criminals to exploit the coronavirus through fake offers of face masks and testing kits.
The following are examples of some of the types of scams out there:
Site mimicked TV Licensing pages
Site mimicked GOV.UK pages
Fake WHO email
Hackers pretending to represent the World Health Organization (WHO) claim that an attached document details how recipients can prevent the disease's spread. To avoid this scam, be wary of emails claiming to be from WHO, as they are probably fake. Instead, visit its official website or social media channels for the latest advice.
Site offering bogus products relating to coronavirus
10 top tips on how to protect yourself and your employees against scams
1. Be sceptical
If it sounds too good to be true, it probably is. Thoroughly question all:
2. Know your business inside out
Have a thorough understanding of your business so you know:
- How it operates
- The staff you employ
- The products and services it provides
- Your target market and your business
- Your legal and regulatory obligations
This will help you realise immediately when something isn’t right.
3. Know your customers and suppliers
When you understand who you do business with you can spot any business request or transaction that looks wrong for that customer or supplier and may be fraudulent.
Conduct due diligence using a risk-based approach, such as checking the customer or supplier details you have on file, as well as online searches.
4. Identify areas where your business is vulnerable to fraud
Imagine how a fraudster might target your business, both internally and externally, and test the systems you already use to reduce risk. Make sure you and your staff know those systems and regularly review them.
5. Develop a strategy and talk about fraud
Think about the right fraud prevention and detection strategy for your business: it should detail controls and procedures.
Staff look to owners and managers for guidance on acceptable behaviour. Talk about fraud with your staff, suppliers and other contacts. Your staff need to understand the risks and how losses affect the business and themselves.
6. Take extra care against cyber attacks
With increasing threats from cybercrime, protect your business technology against attacks. Make sure you back up your systems in case they go wrong.
7. Understand your finances
Understand how money leaves your business, including:
- Methods of payment
- Who has authority to make those payments
- Who checks payments are legitimate
Always check your bank statements.
8. Secure and protect your property
This includes laptops, computers, smartphones, and intellectual property. Factor in business insurance to cover these items if they are compromised or stolen. Use and maintain inventories.
9. Develop an action plan
Consider when you might need professional or legal advice. While prevention is better than cure, it’s important for you and your business to be prepared for the worst. Having an action plan in place will help limit your losses to fraud.
10. Always report fraud and get help
Action Fraud is the UK’s national fraud and cybercrime reporting centre. You can also get information about fraud and financially motivated internet crime.
You can also report fraud to the police if you know the suspect or they are still in the area. Call 101 to speak to one of our operators.
The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.