Businesses have been issued with Covid-19 cyber and fraud prevention messages, courtesy of a joint police taskforce.
East Midlands Police have collated a number of scams to help traders naviage reputable sources.
Fraud and Scams
Scammers are selling fake COVID-19 testing kits, PPE that never arrives, or is not fit for purpose.
These scams are preying on victims fear or curiosity about the pandemic.
Scams in the digital world include phishing emails, SMS messages, malware distribution, ransomware and credential stealing.
Not only have police seen an increase in all the aboce, there have also been many reports of telephone scams with scammers impersonating bank officials and police officers trying to persuads vctims to withdraw money that is then declared counterfeit and then taken away by the fraudsters, or asking them to move money into a ‘safe’ account controlled by the scammers.
Ask yourself – can you trust who is on the line? Put down the phone and wait a few minutes before contacting your bank to check.
Hoax NHS website
A hoax copy of the NHS website has been discovered. The website includes harmful inks to COVID-19 related health tips. Once these links are clicked on, a pop up box appears asking visitors to save a file called ‘COVID-19’. If saved, the malware it contains steals passwords, credit card date, cookies from borwsers, srypto wallets, files and screenshots.
Criminals are also sending out phishing emails and malware asking for donations from the unsuspecting public to aid those most affected.
Phishing emails advertising face masks which plays on the rumours being reported in the media that the public may be asked to wear face masks outside once lockdown is lifted.
Reports are also being received in the US of a new SMS scam claiming ‘someone who came into contact with you has tested positive for COVID-19.
Attackers have deployed a phishing campaign against remote workers using Skype, luring them with phishing emails that fake notifications from the service. The social engineering in this campaign is refined enough to make victims access the fraudulent login page and prvide their credentials.
Furthermore, the username is automatically filled in, which only helps clear any suspicion. All the victim has to do is type in their password and the attacker gets in automatically.
Report all fraud and cybercrime to Action Fraud by calling 0300 123 2040, or forward suspicious emails to firstname.lastname@example.org