British police are saying coronavirus-related fraud reports have spiked by 400 per cent over the past six weeks as the COVID-19 illness continues its inexorable march through humanity.
Although absolute numbers of reports are low, perhaps kept that way because the public now knows Action Fraud is largely useless, the National Fraud Intelligence Bureau (NFIB) said there were a total of 200 reports of coronavirus scams made to them since 1 February.
"The majority of reports are related to online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived," said the NFIB in a statement.
The police unit's chief, Superintendent Sanjay Andersen, added: "The majority of scams we are seeing relate to the online sale of protective items, and items that are in short supply across the country, due to the COVID-19 outbreak. We're advising people not to panic and to think about the purchase they are making. When you're online shopping it's important to do your research and look at reviews of the site you are buying from."
This links into both private sector and public sector figures showing that coronavirus-related phishing messages are spreading like – well, like a global pandemic.
Infosec biz Check Point said earlier this week it had seen an uptick in cybercrime forum activity, including criminals offering discounts to fellow crims for using coronavirus-themed bait in online scams and phishing attacks. Yaniv Balmas, the firm's head of cyber research, gloomily observed: "Furthermore, we are seeing hackers use the attention on COVID-19 to spread their harmful 'goods' in as many places as possible through COVID-19 specials and discounts on the dark net."
Earlier this week the GCHQ-owned National Cyber Security Centre warned of "bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected." Those scam emails included ones appearing to come from the US Centre for Disease Control and the World Health Organisation, offering paid-for access to a live map of nearby COVID-19 infection cases.
Clicking the link in the email takes you to a credential-stealing webpage so cybercrooks can empty unwitting marks' bank accounts.
Another common one doing the rounds, according to the police NFIB, is a variation on the old HM Revenue and Customs tax refund scam. These versions display the HMRC logo and feature bait text that looks reasonably convincing.
🚨 I’ve received this email personally into my email inbox...ITS A HMRC SCAM 🚨 ‘Dear Taxpayer’ is the first sign, it’s from email@example.com and finally HMRC don’t correspond via email. I did not click on the link instead I’ve reported it to @actionfrauduk 🌟 @TakeFive pic.twitter.com/N8w6LCExyM— Georgina Kate Woodcock (@GeorginaWoodco) March 9, 2020
With political wonks filling Twitter with shrill demands for the government to hand out money directly to citizens instead of providing loans and grants to businesses, this particular scam may sucker in even switched-on netizens.
Paul Chichester, NCSC's director of operations, said in a canned statement: "We know that cyber criminals are opportunistic and will look to exploit people's fears, and this has undoubtedly been the case with the Coronavirus outbreak."
Emails seen by NCSC were being used to spread the Emotet banking trojan, a particular hazard in an era where virtually everyone below a certain age has become dependent on online banking as a result of lockdowns and growing rumours of mandatory home curfews in the UK.
Stay safe – and that means online as well as offline. ®
Prime Minister Boris Johnson has ordered bars, restaurants, clubs, gyms, and similar businesses to close immediately, and for people to socially distance themselves and work from home if possible, to prevent the spread of coronavirus in Blighty. The UK government has also offered to cover 80 per cent of wages for employees unable to work, up to £2,500 a month.