5 COVID-19 scams your organisation should be aware of (and how to prevent them)

With the COVID-19 pandemic gripping the world, your employees are likely to be spending significantly more time online.

But the overwhelming amount of news coverage surrounding the virus has created a new risk…

With large numbers of employees working from home, cyber criminals are taking advantage of the disruption, capitalising on the uncertainty to scam suspecting employees into handing over sensitive data and money.

Bogus callers, fake online stores and online and telephone frauds are just some of the scams that the general public should be wary of.

But what scams should each employee in your organisation be aware of?

We have pulled together information and resources to keep you up to speed on the types of scams out there during this uncertain period, examples of online scams (what has been in the news and what a scam looks like). More importantly, we will provide you with tips on how to protect yourself and your employees.

Types of scams

1. Invoice Scams

A business may be contacted out of the blue by someone claiming to be from a regular supplier. They state that their bank account details have changed and will ask you to change the payment details. Fraudsters are taking advantage of the current uncertainty, which is why this type of fraud is popular now.

Tip: Always call an existing supplier on a confirmed telephone number to make sure any demand of this nature is genuine.

2. CEO impersonation scams

A sophisticated scam that plays on the authority of company directors and senior managers. An employee receives a phone call or email from someone claiming to be a senior member of staff – they ask for an urgent payment to a new account and instil a sense of panic. Scammers may even hack a staff email account or use spoofing software to appear genuine. 

Tip: Be wary and alert for any unexpected urgent requests for payment and always check the request in person if it’s possible.

3. Tech support scams

With more people working remotely and IT systems under pressure, criminals may impersonate well-known companies and offer to repair devices. Criminals are trying to gain computer access or get hold of passwords and login details. Once they have access, criminals can search the hard drive for valuable information. 

Tip: Always be apprehensive of cold callers. Genuine companies would never call out of the blue and ask for financial information up front.

4. Coronavirus ‘advice’/ Government grant/tax refund scams

Criminals are pursuing new approaches to profiting from a global pandemic. The number of phishing and smishing attempts have been on the rise as expected recently, as cybercriminals target an already uncertain and vulnerable society.

A business is contacted by phone, email or post by imposters claiming to be from a government or medical organisation. For example, the scammer will suggest the business might qualify for a special COVID-19 government grant or a tax refund. Variations on the scheme involve contacts through text messages, social media posts and messages. They will in some cases request the receiver to click on a link or download an attachment. You may also be asked to provide bank account or login details.

Tip: Organisations should be vigilant about unexpected urgent communications offering financial assistance. Check that the information is genuine and from a trustful source by using official government websites.

5. Fake Invoices/Suppliers

Cyber security criminals are mindful of the massive demand for health products during the COVID-19 crisis. Many companies will search for new suppliers to meet the current demand.

Fake websites and social media accounts are being created by cyber criminals, promoting face masks, ventilators, hand sanitisers, home cleaning products and more.

Cyber criminals will capitalise on this and offer bulk buying of the product, at a very hefty cost. These scammers will take the money, your personal details and fail to deliver the products.

Tip: Only work with a reputable supplier and purchase based on previous experience with the supplier.

Investigate any new suppliers by carrying out as much research as possible. This can be online reviews for example. Call their numbers provided if necessary and use business registration sites for proof of legitimacy.

https://fexco.com/fexco/news/6-covid19-business-scams/

https://www.nationaltradingstandards.uk/news/protecting-businesses-from-covid19-scams/

Examples of online scams

• A recent RTE story reported that a European business seeking to buy alcohol gels and protection masks transferred €6.6m to a company in Singapore after being conned by a fraudulent email. The goods never arrived.
• BBC reported in April 2020, about a multi-million-euro coronavirus mask scam. The alleged scam began after a German company tried to buy 10m masks, valued at about €15m (£13m), from online suppliers. The German buyer placed an online order on a fake Dutch website. Fraudsters put the buyer in touch with an Irish "intermediary", police say. The German firm then made a down payment of €1.5m into an Irish company’s bank account, based in County Roscommon, for masks that were not delivered.
• A story published by the Irish Examiner recently reported that recently a businessman was attending a medical appointment. While he was there, his wife received an email from him requesting her to transfer €30,000 to a bank account in Germany. His wife carried out the transfer believing this email from her husband was genuine. Later that evening she made her husband aware the transfer had been successful. They then realised they had been scammed and defrauded of €30,000. 

Fake emails/email scams to be on the lookout for

https://www.fraudsmart.ie/2020/03/31/stay-alert-examples-of-covid-19-related-scams/

You can have a look at various other examples of phishing emails and scams by clicking here. 

How to protect yourself and your employees against scams

Do

✓ Wherever you access your online information, keep your software updated, including your browser, antivirus and operating system.

✓ Beware of unsolicited requests, especially if they are requesting sensitive information such as your online banking account password or credit or debit card PIN number.

✓ If it’s a telephone request, take the caller’s number and advise them that you will call them back. Look up the organisation’s phone number and contact them directly.

✓ When in doubt, double-check the website or give the company a call.

✓ Look at emails closely: compare the address with previous real messages and check for bad spelling and grammar.

✓ If you think you might have responded to a fraudulent email, text or call and provided your bank details, contact your bank immediately.

Don't 

X Do not use the number they give you.

X Don’t share your credit or debit card PIN number or your online banking password. Your bank will never ask for such details.

X Fraudsters can find your basic information online (e.g. social media). Don’t assume a caller is genuine just because they have such details.

X Don’t transfer money to another account on their request.

X Don’t reply to suspicious emails or texts.

X Don’t click on their links or download their attachments.

X Don’t be rushed. Take your time and make the appropriate checks before responding.

https://www.ibec.ie/connect-and-learn/insights/insights/2020/04/06/covid-19-crime-prevention-advice

Sources

https://fexco.com/fexco/news/6-covid19-business-scams/

https://www.nationaltradingstandards.uk/news/protecting-businesses-from-covid19-scams/

https://www.ibec.ie/connect-and-learn/insights/insights/2020/04/06/covid-19-crime-prevention-advice

https://www.fraudsmart.ie/2020/03/31/stay-alert-examples-of-covid-19-related-scams/

https://www.fraudsmart.ie/business/fraud-scams/email-fraud/phishing/

https://www.fraudsmart.ie/personal/fraud-scams/phone-fraud/smishing/

https://www.bbc.co.uk/news/technology-51838468

Additional Resources

https://www.ncsc.gov.uk/

https://www.ncsc.gov.uk/cyberaware/home

https://www.who.int/about/communications/cyber-security

https://www.garda.ie/en/Crime/Cyber-crime/

https://www.fraudsmart.ie

https://www.ncsc.gov.ie/pdfs/COVID19Advice.pdf

Training Resources

[New] Protecting Data when Home Working in Ireland eLearning Training Course (limited time offer available)

It is vital that all of your employees – from customer service to marketing and sales, many of which will be home working now - know how to protect your organisation’s confidential data from cyber attacks and fully understand their obligation under data protection legislation to protect the data they handle.

Click here to access a free demo