Malicious email attachments, false government grant phone calls and CEO impersonation scams are among a raft of scams undermining businesses as a result of the COVID-19 pandemic. The increasing risk has led National Trading Standards to launch Businesses Against Scams, this is a free online training tool to protect businesses, employees and customers from costly scams.
With remote working and many businesses having to stop or diversify their trading practices, criminals are seizing the opportunity to target employees who are isolated from colleagues. Scams include criminals impersonating government officials or a senior member of the business in order to put pressure on employees to give out sensitive information or make payments.
Criminals will also try and gain access to businesses devices and networks, and everything stored on them. They can do this by:
- Sending emails with malicious attachments;
- Exploiting vulnerabilities in your operating systems if they are not up-to-date;
- Trying to get you to click links or visit malicious websites.
Once they have access to your device and your data, they may try to steal your data or extract money from you by getting you to pay a ransom.
Scams targeting customers also undermine businesses, as criminals often impersonate businesses to defraud their customer base, causing reputational damage and potential loss of business. The emotional and mental impact on employees and business owners who have fallen victim to a scam can also be devastating and long-lasting.
Four common scams targeting businesses include:
- Government grant/tax refund scams – a business is contacted by phone, email or post by government imposters suggesting the business might qualify for a special COVID-19 government grant or a tax refund. Variations on the scheme involve contacts through text messages, social media posts and messages.
Businesses should be cautious about unexpected urgent communications offering financial assistance. Check the information is genuine by using official government websites.
- Invoice/mandate scams – a business may be contacted out of the blue by someone claiming to be from a regular supplier. They state that their bank account details have changed and will ask you to change the payment details.
Never rush a payment. Use contact details you have used before to check it is genuine.
- CEO impersonation scams – a sophisticated scam that plays on the authority of company directors and senior managers. An employee receives a phone call or email from someone claiming to be a senior member of staff – they ask for an urgent payment to a new account and instil a sense of panic. Scammers may even hack a staff email account or use spoofing software to appear genuine.
Be cautious about unexpected urgent requests for payment and always check the request in person if possible.
- Tech support scams – with more people working remotely and IT systems under pressure, criminals may impersonate well-known companies and offer to repair devices. Criminals are trying to gain computer access or get hold of passwords and login details. Once they have access, criminals can search the hard drive for valuable information.
Email scam - HSE
Look out for an email claiming to be from the HSE. The email states that the HSE have received a complaint about your company regarding possible violations during the lockdown period. There is an Excel spreadsheet attached which they state contains details of the complaint. Do not open this attachment. We have had confirmation from the HSE this is a scam.