Beware COVID-19 Grant Phishing E-mail
Businesses are advised to be aware of a suspicious email requesting re-submission of application details in order to receive the COVID-19 Retail, Hospitality and Leisure grant. The e-mail claims to be from the ‘Director of Finance (Section 151 Officer)’; however the individual stated holds the post at a different authority and had no knowledge of the correspondence or the fraudsters attempt to use their details to legitimise a scam email in another area.
Do not respond to this email as it is a fraud. It superficially appears legitimate, it is a scam designed to acquire the details of eligible grant recipients. Please raise awareness to your organisation organisations and business communities.
Measures announced over recent weeks to deal with coronavirus (COVID-19) have seen our day-to-day life drastically changed – we are spending more time at home and online.
Unfortunately, criminals will use every opportunity they can to scam innocent people and their businesses. They are experts at impersonating people, organisations and the police. They spend hours researching you for their scams, hoping you’ll let your guard down for just a moment.
They can contact you by phone, email, text, on social media, or in person. They will try to trick you into parting with your money, personal information, or buying goods or services that don’t exist.
Law enforcement, government and industry are working together to help protect you and your businesses from these criminals, by identifying fraudulent websites, preventing phishing emails, blocking phone numbers and ultimately bringing those responsible to justice.
There are simple steps you can take to protect yourself and your business.
How to protect yourself
- taking a moment to stop and think before parting with your money or information could keep you safe
- consider if it could be fake – it’s ok to reject, refuse or ignore any requests – only criminals will try to rush or panic you
- the police, or your bank, will never ask you to withdraw money or transfer it to a different account – they will also never ask you to reveal your full banking password or PIN
- do not click on links or attachments in unexpected or suspicious texts or emails
- confirm requests are genuine by using a known number or email address to contact organisations directly
- contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud
- to keep yourself secure online, ensure you are using the latest software, apps and operating systems on your phones, tablets and laptops – update these regularly or set your devices to automatically update so you don’t have to worry
How to protect your business
- if you receive a request to make an urgent payment, change supplier bank details, or provide financial information, take a moment to stop and think
- it could be a fake – verify all payments and supplier details directly with the company on a known phone number or in person first
- contact your business’s bank immediately if you think you’ve been scammed and report it to Action Fraud
National Cyber Security Centre
The National Cyber Security Centre also has advice on how to keep your business secure online:
- self-employed and sole traders: advice to protect your business and the technology you rely on
- small and medium-sized organisations: advice for businesses, charities, clubs and schools with up to 250 employees – you’re likely to fall into this category if you do not have a dedicated team internally to manage your cyber security
- large organisations: security advice for businesses, charities and critical national infrastructure with more than 250 employees – you are likely to have a dedicated team managing your cyber security
Where to get help
If you are worried that you may have been a victim of fraud, or would like more information about what you can do to help protect yourself, these services can help.
Report fraud and cyber crime to Action Fraud
If you think you have been scammed, defrauded or experienced cyber crime, Action Fraud is the UK’s national reporting centre for fraud and cyber crime.
Not sure where to start? Citizens Advice offers confidential advice online, over the phone, and in person, for free. You can contact them for support on issues you might be facing, if you’ve been a victim of fraud or a scam.
How to stay secure online
The National Cyber Security Centre (NCSC) is the UK’s national technical authority on cyber security. It provides advice to help individuals and businesses be secure online, which includes guidance for the public on the security of videoconferencing, online shopping and online gaming. For organisations, it includes advice on working from home and mitigating the threat from ransomware.
The NCSC has launched a cross-governmental ‘Cyber Aware’ campaign, which offers actionable advice for people to protect passwords, accounts and devices. It encourages people to ‘Stay home. Stay Connected. Stay Cyber Aware’. You can find out more about the Cyber Aware campaign.
The NCSC has launched the pioneering ‘Suspicious Email Reporting Service’, which will make it easier for people to forward suspicious emails to the NCSC – including those claiming to offer services related to coronavirus. You can forward any suspicious emails to firstname.lastname@example.org. The NCSC’s automated programme will immediately test the validity of the site and if found to be a phishing scam, it will be removed immediately.
Investment or pension scams
ScamSmart is a Financial Conduct Authority campaign to help consumers avoid investment or pension scams. They recently published specific advice related to coronavirus-related scams.
Take a stand against scams
The Trading Standards Scams Team run Friends against Scams, an online learning session that aims to empower people to take a stand against scams. It helps to build community resilience and prevent people from falling victim to scams by teaching them how to spot the signs and share the messages. It has recently been updated to cover coronavirus-related scams
Emails or texts from HMRC
HM Revenue and Customs (HMRC) have published guidance on how to recognise genuine contact from HMRC. If you think you have received an HMRC-related phishing or bogus email or text message, you can check it against examples published on GOV.UK.
You can forward suspicious emails claiming to be from HMRC to email@example.com, and texts to 60599.
The above information is from Government guidance