ICAEW.com works better with JavaScript enabled.

Cybercriminals unleash wave of COVID-19 attacks on businesses

Updated 23 April: Within 24 hours of the government’s Coronavirus Job Retention Scheme being launched, online fraudsters had sent a flurry of phishing emails targeting unsuspecting businesses claiming to be from HMRC chief executive, Jim Harra.

London-based accountancy firm Lanop Group told Computer Weekly that cybercriminals have been quick to take advantage of the high levels of interest in the programme, revealing that more than 50 of its clients had already been in touch to report suspicious emails, having spotted the email did not originate from a legitimate domain.

The emails, attempting to get hold of the recipient’s banking details, state: “Dear customer, we wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. We are now writing to tell you how to access the COVID-19 relief. You will need to tell us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you.”

Lanop managing partner Aurangzaib Chawla urged businesses to think twice before handing over bank details and making bank transfers in response to email requests during the pandemic.

“Cybercrime is rising rapidly, and this is the first of what we expect to be many scam emails, designed to trick unsuspecting owners into handing over private company data,” said Chawla.

‘Dramatic rise’ in activity

Sadly, such attacks represent just a fraction of the dramatic rise in COVID-19-related cybercriminal activity.

The National Cyber Security Centre (NCSC), an offshoot of GCHQ, has removed more than 2,000 online coronavirus scams over the last month, including 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites set up to inflict significant damage to visitors and 832 advance-fee frauds promising a large sum of money in return for a set-up payment.

HMRC is asking people to forward suspicious emails claiming to be from HMRC to phishing@hmrc.go.uk and texts to 60599.

Due diligence needed

Meanwhile, the Charities Commission has issued warnings after online fraudsters and criminals targeted the sector with coronavirus-related activity.

This includes procurement fraud, where scams involve the online sale of vital personal protective equipment (PPE), such as face masks and gloves, online which never arrive or do not meet the required standards.

The commission advises potential buyers to carry out proper due diligence if making a purchase on behalf of a charity from a company or person unknown to them.
Another common scam is mandate or Chief Executive Officer fraud. This involves being asked to make changes to bank details or make payments to a new account. Charity personnel are advised to always follow their organisation’s validation procedures and check the authenticity of such messages before actioning any payments or banking changes.

Charities have also been targeted by fraudsters claiming to be from a legitimate organisation able to provide information such as a list of ‘at risk’ elderly people in the community who may require support from the charity. The victim is then asked to click on a link to get the information leading to a fake website or a request to make a cryptocurrency (such as Bitcoin) payment.

HMRC's suspicious email reporting service can be reached at phishing@hmrc.go.uk.

For further information on cyber security, please see ICAEW's designated resource hub.