Since we all started spending a lot more time online, business owners have reported a rise in scams that capitalise on the pandemic.
Scams include phishing emails, fake HMRC tax refunds, fake vaccine appointments, as well as investment scams. We’ve all seen them, but fraudsters can be very convincing, so it can be easy to fall into the trap. Here’s how to protect yourself – and your business.
According to the police, there have been more than 6,000 reports of scams relating to coronavirus during the pandemic. And figures from Action Fraud show that £34.5 million has been lost to scams since 1 March 2020.
General security advice includes using two-factor authentication for your email and business accounts, turning on automatic backup of your important data, and using security features on your devices.
There's also a national campaign, Take Five, to stop fraud – but what else can you do?
Scammers use social engineering – a term used to describe how fraudsters use human psychology to manipulate people by preying on their fears – to get people to give them access to their devices from any location. By pretending to be your bank or phone company, for example, scammers convince you to download legitimate remote access software like TeamViewer or GoToMeeting.
With a simple passcode, they’ll then be able to control your screen and can download software or steal bank account details and passwords without you knowing.
It’s very difficult to get money back from your bank if you’ve willingly given someone permission to access your device.
If you think you might have been scammed, you should contact your bank immediately, change your passwords, and report it to Action Fraud.
While fighting this type of cybercrime needs support from all areas of society, you should remember to never install software if a cold caller asks you to. If it seems convincing (which it often does) you can always hang up and contact the organisation directly using a verified phone number or email address.
Pauline Smith, Head of Action Fraud, said: “Unsolicited requests to remote access your computer should always raise a red flag. It’s easy to feel embarrassed when faced with unexpected or complex conversations but it's okay to stop the discussion if you do not feel in control of it.”
You may have seen scam emails claiming to be from HMRC before. They usually promise a non-existent tax refund to get you to enter your financial details – this is a Covid-19 variation.
This coronavirus scam says that the government has established a new ‘tax refund programme’ to help the self-employed protect themselves.
HMRC has also highlighted an SMS message they’ve seen that promises a ‘goodwill payment’ from the tax authority. While other scam callers claim to be HMRC informing you about a ‘fraud case’ in your name.
While these messages may look real enough on the surface, they’ll usually contain errors, typos and odd phrasing.
HMRC says that you shouldn’t reply to the email or SMS, or open any links in the message. HMRC will never send email notifications about tax refunds or rebates and you can always contact HMRC if you’re not sure about something you’ve received.
You can forward a fake email to HMRC to help in their investigations against scams (just make sure you delete it after).
Swansea Trading Standards issued a warning about a scam message offering residents a payment “as part of its promise to battle Covid-19”.
The link takes you to an official-looking (but fake) gov.uk page that asks you to enter your card details, including your security number.
Again, these messages will usually have typos and errors. Another clue is in the URL. If it’s an official government website, the registered domain will have ‘gov’ in the URL.
You should delete any messages you get like this without clicking on the links.
Mark Thomas, Cabinet Member for Environment and Infrastructure at Swansea Council, said: “Ensure that if you receive anything like this you check the origins of the contact and stop and think are you expecting this contact.”
The National Cyber Security Centre (NCSC) highlights that organisations of all sizes have been working remotely since the outbreak of the pandemic. So if you have employees working at home, you could be facing additional cyber security challenges.
Hackers and scammers could get hold of data or passwords if you don’t take the right cyber security measures.
Stay up-to-date with the latest from the Simply Business coronavirus support hub.
Sign up now to get guides, resources and offers.
The NCSC says that you should create strong passwords and use two-factor authentication (2FA) where possible when setting up new accounts for home working.
You can also use Virtual Private Networks (VPNs) to let your employees access your systems remotely.
And you should make sure you communicate security risks to staff – for example, let them know why they should lock their devices, and encourage early reporting of theft and loss.
The FCA reports that “sophisticated, opportunistic” scammers have been using the coronavirus pandemic to come up with scams involving pensions transfers and high-return investment opportunities (including investments in cryptoassets).
Scammers use many channels, including phone calls and social media advertising. They’ll almost always appear too good to be true.
The FCA lists a number of ways to protect yourself against these scams. Firstly, they say you should reject offers that come out of the blue, for example from firms you’ve never heard of or dealt with before.
They say you shouldn’t rush or be pressured into making a decision, or give out personal details. And you can check the FCA Register to see whether a firm you’re dealing with is authorised by the FCA (you can also check the FCA’s warning list to find out whether you’re dealing with scammers).
Have you come across any scams related to coronavirus? Let us know in the comments below.
We create this content for general information purposes and it should not be taken as advice. Always take professional advice. Read our full disclaimer
6th Floor99 Gresham StreetLondonEC2V 7NG
Sol House29 St Katherine's StreetNorthamptonNN1 2QZ
© Copyright 2021 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.