Coronavirus and fraud: how to protect yourself and your business
These frauds are typically extensions of common scams. Below are some examples to keep in mind:
1. Phishing and social engineering scams
Using coronavirus as a cover story, fraudsters may attempt to lure victims to disclose sensitive information or click on malicious links infected with malware, leading to data compromise and fraud.
Steps you can take to protect your organisation:
- Do not give sensitive information away to cold callers – we will NOT ask you for online passwords or any such information.
- Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information immediately. Instead, delete the message.
- Do not click on links or open attachments you were not expecting to receive, or which come from an unknown sender.
- Before you click a link, hover over that link to see the web address it will take you to. If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video or webpage without clicking on the suspicious link.
- Be aware of bogus websites – fraudsters will often use a web address which looks almost identical to the legitimate one, e.g. ‘abc.org’ instead of ‘abc.com’.
2. Business email compromise / impersonation of suppliers
- Fraudsters may call or email staff pretending to be a senior executive and requesting them to make an urgent payment.
- Fraudsters are posing as suppliers and requesting payments to be made to different bank accounts details due to changes they have had to make due to Covid-19.
- Fraudsters are posing as charities and fundraising bodies soliciting donations claiming to be involved in fighting the spread of the coronavirus.
Steps you can take to protect yourself:
- Independently verify any requests for new or amended bank details directly with the supplier by telephone, using details that you already hold on file, i.e. not using telephone numbers contained within the request. This should include emails that appear to be from an internal source (e.g. senior executives) as fraudsters can spoof email addresses to make them appear as though they are from a genuine supplier.
- Ensure that all your staff who are able to make payments are aware of this type of fraud. If they’re not sure, they should not proceed and should talk through the suspicious message with a colleague or check its legitimacy by contacting the relevant business or organisation (using contact details sourced from the official company website).
- Always ensure your staff follow your internal procedures for making payments.
If you’ve received one of these messages and you’ve clicked on the link, or you’re concerned your personal details have been compromised, contact us immediately.
Together we can ensure that you don’t become a victim of fraud in this confusing and worrying time.