COVID-19: The increased threat of fraud and how to deal with it
Individuals need to be aware that they are now more vulnerable to fraud, particularly of the online type, which means that more vigilance is needed.
This pandemic has closed down opportunities for many businesses, but opened opportunities for others, not least the fraudsters intent on maximising the advantages that lockdown has provided.
Individuals need to be aware that they are now more vulnerable to fraud, particularly of the online type, which means that more vigilance is needed. Take, for example, the 46% increase in the level of online shopping fraud compared to pre-COVID–19 figures as recently reported by the National Crime Agency (“NCA”).
There is anecdotal evidence from the National Cyber Security Centre (“NSCS”) that, whilst the level of cyber fraud is no higher than before the pandemic, there has been a shift towards targeting victims by exploiting the situation we find ourselves in.
To back this up, the NCA has issued a warning that organised crime groups are exploiting the current situation, highlighting the need to be more vigilant in preventing and tackling fraud during this pandemic.
The NSCS has issued details on how cyber criminals are exploiting COVID-19, specifically stating it “…has detected more government branded scams relating to COVID-19 than any other subject…”. There has been a significant increase in healthcare provider and tax rebate scams as well as benefit scheme frauds.
The NSCS has identified a number of ways in which individuals, small and medium businesses and large organisations are being targeted with COVID-19 themes being used as a lure. The threats include phishing (for credential theft) and malicious attacks (for malware and ransomware applications), the registration of new domain names adopting COVID-19 wording with the exploitation of systems set up by organisations to enable staff to work from home being prevalent.
These fraudsters commonly use social engineering techniques to lure a victim to do something that an attacker wants and, we as humans, are very keen to be accommodating. It is our natural instinct to provide more information than we need to and our curiosity makes us click on that suspicious link. These human traits increase our vulnerability at a time when we need to be more vigilant.
That vulnerability is heightened by the increased number of us working from home due to the pandemic. A recent Avast Business survey highlighted by the NSCS identified a number of worrying trends. From 2000 employees surveyed, 18% were using their own unprotected devices for work. Only 26% had security support from an IT department and only 45% were using work secure devices.
Given the increase in virtual meetings, it is surprising that only 23% of those surveyed had undergone any post lockdown training on keeping those meetings secure. Only 7% had received online security training since post lockdown measures had been implemented and, only 24% received regular security training.
What this tells us is that more can be done to limit the threat of cyber-attacks. Law enforcement bodies and regulators are sympathetic to these threats. Minister for Security, James Brokenshire said “The Government is committed to working with the NCA and all law enforcement partners to tackle this”.
However, in practical terms, this pandemic has forced a reappraisal of enforcement priorities. The Crown Prosecution Service has stated that it will only prosecute serious criminal cases. Its recent pre charge guidance is a reflection on the difficulties that businesses face in these difficult times. The Information Commissioner has acknowledged that her office must adjust its regulatory approach, reflecting “…these exceptional times, and showing the flexibility that the law allows...”
The message is that there is no substitution for being alive to these risks, being vigilant and taking steps to reduce them.
As the NSCS states “Individuals and organisations should remain vigilant”. It acknowledges that this is “a fast-moving situation” and that you “should remain alert to increased activity relating to COVID-19 and take proactive steps to protect yourself and your organisations.”
Therefore, following basic steps will increase resilience and reduce vulnerability. The NSCS has issued guidance on how to do that in various scenarios. Following the NSCS guidance should limit the risk, not only at this time, but in the future post lockdown and pandemic stage when the level of homeworking is expected to be significantly higher than before this crisis, with businesses seeking to adopt a more flexible approach to working.
But what of those of us who may have fallen victim to these scams? What can you do is those circumstances?
If you think you are being targeted then adopt the “Stop, Challenge and Protect” mantra. Take time to think, push back and if uncertain, or you think you have been scammed, you should contact Action Fraud and your banks as soon as possible. Speed of response is key so take urgent advice on the steps needed to recover any losses.
Do the above as soon as you suspect anything is wrong as, it is often not too late to recover any losses and, with the right approach, your losses can be minimised.
For further information, please contact Euros Jones, Partner and Head of Business Crime at firstname.lastname@example.org or 020 7822 1928.