Protecting businesses from Covid-19 scams

Harbour Key have reported previously on the increasing risk of fraud and virus-related scams, as criminals take advantage of the Covid-19 crisis.  At the end of April, Action Fraud reported that it had received more than 800 reports of virus-related scams and more than 3,600 reports of phishing emails with total losses of £2m.  HMRC have also warned of text messages falsely claiming that you can apply for a virus tax rebate.  It has detected 54 financial scams related to Covid-19 since 23 March and has asked internet service providers to remove 227 web addresses..

With remote working and many businesses having to stop or diversify their trading practices, criminals are seizing the opportunity to target employees who are isolated from colleagues, putting pressure on employees to give out sensitive information or make payments. 

Malicious email attachments, false government grant phone calls and CEO impersonation scams are among a raft of scams undermining businesses. The increasing risk has led National Trading Standards to launch Businesses Against Scams – a free online training tool to protect businesses, employees and customers from costly scams. The free tools for businesses help upskill and train individuals, through free online training modules that will help staff identify and prevent potential scams. Businesses can take the training and sign up HERE

The training is not only relevant and valid due to the Covid-19 crisis, there has always been a risk of these types of scams, the risk is just greater currently.

Four common scams targeting businesses include:

Government grant/tax refund scams

A business is contacted by phone, email or post by government impostors suggesting the business might qualify for a special Covid-19 government grant or a tax refund. Variations on the scheme involve contacts through text messages, social media posts and email messages.

Businesses should be cautious about unexpected urgent communications offering financial assistance and never reply directly, via the text or email received. Check that the information is genuine by using official government websites..

HMRC are currently contacting taxpayers about the Covid-19 Self Employed Income Support Scheme via emails, texts and letters but, as we advise all the time, HMRC will never request you to send personal information or bank details via email or provide any active links to do so.  Claims can only be made online, which requires a Government Gateway account to be set up.

Invoice/mandate scams

A business may be contacted out of the blue by someone claiming to be from a regular supplier. They state that their bank account details have changed and will ask you to change the payment details.

Never rush a payment. Use contact details that you have used before to check that it is genuine.

CEO impersonation scams

A sophisticated scam that plays on the authority of company directors and senior managers. An employee receives a phone call or email from someone claiming to be a senior member of staff – they ask for an urgent payment to a new account and instil a sense of panic. Scammers may even hack a staff email account or use spoofing software to appear genuine.

Be cautious about unexpected urgent requests for payment and always check the request in person if possible, by contacting the individual making the request in a different way.  For example, if you receive an email request, pick up the phone and call the individual..

Tech support scams

With more people working remotely and IT systems under pressure, criminals may impersonate well-known companies and offer to repair or “speed up” devices. Criminals are trying to gain computer access or get hold of passwords and login details. Once they have access, criminals can search the hard drive for valuable information.

Always be suspicious of cold callers. Genuine companies would never call out of the blue and ask for financial information.

Action points

If you don’t have time to commit all this to memory (which is not really an excuse, with the level of risks involved), there is the useful mnemonic DEFENCE to assist in protecting yourself, as provided by the Government.  (However, we also recommend the Businesses Against Scams tools that were set up by the National Trading Standards.) 

D  Do not be panicked into acting hastily.  Be careful, take time and undertake  checks before giving out personal information. 

E  Ensure that you are using the latest software on your phone, tablet, laptop or  other devices. Don’t skip updates just because they take too long or interrupt what you are doing. Scan your computer regularly. 

F  Forward suspicious texts to 7726.  (An easy way to remember 7726 is that they are the numbers that spell ‘SPAM’ on your telephone keypad.) 

Entities such as the police, HMRC and banks will never ask you to withdraw money or transfer it to a different account.  Neither will they ask you to reveal your passwords or PINs. 

N  Never be afraid to challenge unexpected requests. 

C  Contact your bank immediately and report it to Action Fraud if you think you have fallen victim to a scam. 

E  Emails or text messages can contain links.  Do not click any link or attachment from a source you do not trust. 

If a business believes they have been the victim of a scam they must contact their bank immediately and report any suspicious activity to Action Fraud or by calling 0300 123 2040.