Phishing Prevention: How to protect yourself from Covid-19 Scams
Tom Pugh, Client Services Director at Revive Management, advises how both individuals and businesses can protect themselves, as well as their employees and customers, from the thousands of COVID-19 phishing scams during this time of uncertainty.
The Rise in Phishing Scams
Since the start of the COVID-19 pandemic, there’s been a huge explosion of COVID-19 related phishing scams. In April, Google revealed that it was blocking more than 100 million phishing emails a day. Almost a fifth of these were scam emails related to coronavirus.
According to the latest figures from Action Fraud, about £2m has already been lost to coronavirus-related fraud in the UK. Action Fraud also revealed that they are aware of 2,500 coronavirus related scams currently being used, ranging from fake offers of tax rebates to bogus medicines.
Cybercriminals all over the world are sending fake emails and text messages, posing as official sources ranging from the UK government, the WHO, the Centre for Disease Control and Prevention and even individual US officials, including President Trump. These criminals are exploiting the widespread fear and anxiety around the virus in the hope that people will be more inclined to click on links or make hasty decisions to hand over personal information or bank details.One particular scam, for example, asks Android users to download a ‘coronavirus tracker app’ to see cases in their area. In reality, the app installs ransomware – a type of software aimed at stealing information – on the user’s phone.
So, whether you’re an employer advising employees who are now working from home, a business advising your customers how to be aware of fraudulent communications, or simply an individual looking for ways to stay safe online during COVID-19 and beyond, here is our advice:
Question suspicious content
With the amount of phishing scams having increased by more than 667% during the pandemic, what is the best way to make sure that you don’t fall victim to one of these scams? Here are the questions you should ask yourself before clicking on any potentially dangerous links:
1. Am I expecting communication?
We normally know when we should be communicated with. Do you have a bill due for payment, is your MOT due to expire, have you got an insurance renewal? Be aware and think, is this message relevant? If something comes through that you aren’t expecting or from an organisation that you have never dealt with, then take the time and question it.
- Is the communication sensible or does it sound too good to be true?
Have a think about the content of the message. If it’s something offering a cash refund from HMRC or coronavirus related compensation, then the likelihood is that it’s fake and too good to be true.
3. Are any links subdomains of a companies website?
A subdomain is an additional part to a main domain name. For example, https://secure.yourbank.com is a subdomain of https://yourbank.com. It is impossible for a scammer to create a subdomain, so check the domain carefully to verify that it’s legitimate.
4. Is the email sender domain real?
Email spoofing is the creation of email messages with a fake ‘fronted’ sender address. If you click on the sender address or ‘friendly’ sender name, it will reveal the true email address behind it. If the revealed email looks suspicious, don’t click on anything and delete the email.
- On the main page, is there a padlock?
A padlock icon, or lock icon, displayed in the web browser indicates a secure mode where communications between browser and web server are encrypted. This type of connection is designed to prevent anyone from reading or modifying the data you exchange with the website. If you click on the padlock, you should also see the organisation’s details. Organisations have to purchase security certificates for their websites.
Take your time
There is no rush to ever click on a link in an email or text message. Amongst all the anxiety around the virus, it is all too easy to fall into the trap of clicking on a link in haste or making poor security decisions that you wouldn’t usually. Take your time to check and think before you click. If you are unsure, speak to a friend or colleague to get their opinion. Any email that pressures you to click to claim compensation ‘before time runs out’ is probably not legitimate.
Reporting a scam
Finally, if you do end up in the unfortunate situation of falling victim to a scam, take your computer or phone off your wireless network immediately so it has no connection to the internet. There are organisations you should report the scam to immediately – especially if you have transferred money or have had money taken from your account. There’s more information about how to report a scam on Citizens Advice.