Scams are among the most prevalent types of crime in the UK, and coronavirus is creating a perfect environment for fraudsters to thrive using a range of loathsome tactics.
On Friday 20 March, City of London Police reported a 400% increase in scams as a result of coronavirus-related fraud. 105 reports had also been been sent to Action Fraud, the UK’s national reporting centre for fraud and cybercrime, with total losses reaching nearly £970,000.
We’ve seen many already, ranging from emails that come with a nasty payload of malware and those sending you to phishing sites, to reports of criminals knocking on front doors offering to go shopping for people who are self-isolating at home.
Others are related to online shopping scams involving sought-after items like face masks and hand sanitizer, and fake websites include imitating HMRC to offer tax relief.
So what should you look out for to avoid falling victim yourself? We run through the sorts of scams to be aware of:
- Coronavirus phishing scams
- Conspiracy theories and misinformation
- Cold calls and doorstep coronavirus scams
- Fake and counterfeit products
- How to spot and avoid coronavirus scams
Which? has launched a free email service to reveal the latest scams. Find out more about our scam alerts tool and register today.
Video: coronavirus scams
Find out more about coronavirus scams and how to avoid them.
Phishing and smishing emails and SMS messages are already being sent out to trap the unwary into giving up login details.
One we’ve seen is an email that claims to come from the World Health Organization. It’s short and sweet, asking that you click on a link to what it says is a PDF offering advice on how to stay safe during the outbreak.
Security firm Sophos has a detailed breakdown of what happens if you click on that link, but broadly it shows you a pop-up in front of what looks like the WHO’s actual website asking you to input your email address and password so that you can receive the non-existent PDF.
Other phishing emails and SMS messages (known as ‘smishing’ texts) are also doing the rounds: Action Fraud has warned that emails purporting to be from organisations including the US Centers for Disease Control and the WHO are being sent with the aim of tricking you into opening malicious attachments or giving away your passwords.
Read our guide on how to spot and stop phishing and smishing messages for more information.
The latest email and text phishing scams:
- Fake lockdown fines People have been warned not to fall for a bogus text message saying they have been fined for stepping outside during the coronavirus lockdown. The scam message claims to be from the Government, telling the recipient their movements have been monitored through their phone and they must pay a fine or face a more severe penalty.
- HMRC goodwill payment The MET police are warning of a fake message designed to steal your account details that says ‘As part of the NHS promise to battle the COV-19 virus, HMRC has issued a payment of £258 as a goodwill payment’.
- Fake council tax reductions A fake email using government branding is doing the rounds, asking for banking details in return for a coronavirus related council tax rebate.
- Free school meals the Department for Education has issued warnings about a scam email designed to steal your bank details saying: ‘As schools will be closing, if you’re entitled to free school meals, please send your bank details and we’ll make sure you’re supported.’
- WhatsApp request to forward your code A recent scam could grant hackers full access to your WhatsApp messages, photos and videos. Someone who knows your phone number could request to register your WhatsApp on a different device, and when a verification code is sent to you, the hacker will then message you to try and coax you into forwarding this on to them. They could then target your contacts with requests for money.
Another email we’ve seen is full of doom-laden warnings that ‘There is no vaccine for coronavirus’ and that ‘the US government, like the Chinese government, isn’t telling us the truth about how many are infected’.
That email is full of links. While we’ve only seen screenshots of this, it seems likely that these links will lead you to either phishing sites or, worse, sites that can infect your computer with malware.
Sophos has also reported on emails that – for now – are targeting Italian email addresses and which include a Word document that purports to offer guidelines for preventing infection, but which in fact harbours a malicious script that infects Windows computers with a banking Trojan, ie malware that aims to steal online banking credentials. So watch out for emails that include attachments.
Read our guide on how to spot a phishing scam for more information.
People are being warned to expect an increase in scam calls. These could follow typical patterns of callers claiming to be authority figures, which may include the police, HMRC or your bank, and involve requests to transfer money or hand over sensitive account login information, or your Pin code. We may also see an increase in scams involving subscription accounts – such as Amazon Prime, claiming that an account has been hacked and requesting that you enter your details to address the issue.
We’ve also seen reports of particularly nasty scams where criminals are taking advantage of older people by knocking on their doors. One scam has the criminals offering to take their temperature – thus allowing them into the house, where residents can be robbed or worse.
Police in Cheshire warned via Twitter that they had had reports of people knocking on doors and telling elderly residents that they are from the Red Cross and offering to test them for the coronavirus – and charging them for doing so.
Other potential scams include criminals claiming to sell you things like protective face masks and even hand sanitiser. The National Fraud Intelligence Bureau says that it has already identified 21 reports of fraud where the coronavirus was mentioned – costing the victims a total of more than £800,000.
Other misinformation is harder to spot: social media is rife with people claiming to have reports from the front line, from a friend, a cousin, a sister or similar at an unnamed hospital, for example, which others then pass on in good faith. Or you’ll see threads from people saying they’re scientists posting information that looks plausible but isn’t always correct.
So what can you do to protect yourself against scams and misinformation? We’ve got detailed advice on how to spot a malicious email, but broadly the things to watch out in emails and other messages are:
- Unsolicited emails and texts: be careful of anything you weren’t expecting that claims to be from an organisation such as a bank, BT, Sky, PayPal, Microsoft, the BBC and other large, trusted organisations. And at the moment, particularly watch out for unsolicited emails claiming to come from health bodies such as the NHS, the WHO and the CDC.
- An urgent tone: phishing and smishing messages are designed to scare you into clicking on their links.
- Grammar and spelling: the phishing email claiming to come from the WHO is clumsily written and has typos such no spaces after commas.
- No name: legitimate emails from services you have accounts with will always address you by name. Phishing emails and smishing texts usually start with ‘Dear Sir’ or ‘Dear Customer’.
- Fake domains: scammers often set up website addresses that look legitimate in order to trick you. Security researchers Digital Shadows says that more than 1,400 domains linked to the Covid-19 disease caused by the coronavirus have been registered in the past three months. While many of those may well be legitimate, others will almost certainly be used to trick anxious consumers into thinking they’re genuine.
When it comes to claims circulating via social media, there are a couple of things you can check. Snopes is the original fact-checking website: if it’s not true, Snopes has probably written it up. Other fact-checking websites are also worth keeping an eye on: Full Fact is a British website that can be trusted, while Channel 4 News has its own FactCheck website.
Above all, make sure your computers, mobile phones and tablets are up to date, and for Windows, Macs and Android devices, you should install antivirus software and keep that up to date, too. Antivirus will protect you from threats such as the banking Trojan contained in the Italian emails, and can also warn you if you’re visiting a website that’s been reported for phishing or that contains malware.
If you’ve been scammed, report what’s happened to Action Fraud, the UK’s national centre for reporting fraud and cybercrime.