Covid-19 – Phishing Scams warning and advice - PKF Francis Clark
skip to Main Content
Merry Christmas! Our offices will be closed from 1pm on Christmas Eve, reopening on Tuesday 4 January.

Covid-19 – Phishing Scams warning and advice

Home working during the Covid-19 pandemic means we are all keen to absorb as much information about the crisis as possible. Such a desire for information is now actively being exploited as a weakness by criminals online. There has been a marked surge in the amount of scams that are being seen, many of which are preying upon the fear of Covid-19. Uncertainty of where money will be coming from has people jumping at opportunities presented to them through cleverly crafted emails and websites purporting to offer support from the Government.

HMRC has noted a phishing scam where they are being impersonated and ‘informing people that as a precautionary measure against the illness, they are offering a tax rebate’. This is taking the form of emails, SMS, phone calls, and social media. For businesses and individuals alike, this can be a tempting offer which can lead to a shortage of funds in a critical time.

Q. What does a phishing scam look like?

A. Phishing scams will look much the same as normal communications which is why they are often so successful. Pay particular attention to:

  • Is the message or call coming from a genuine source? – if you are uncertain, look up the details of wherever the message or call is coming from. You can look these up separately using search engine online.
  • What is being asked of you? – is the message or call trying to get you to do something you wouldn’t normally do such as provide log in details or make a payment?
  • Is there a deadline or timeframe on what is being offered? – if you are being asked to do something urgently, it may be that you are being rushed into giving away information or funds before you have time to properly think about what is going on.
  • There are links to follow to log in or apply – whilst these may sometimes be legitimate, they are a key way in which scammers will attempt to get you to visit a false website. Hover your mouse over the link and it will reveal the actual site that the link will take you to.

Q. What should I do if I receive one of these scams?

A. If you identify one of these scams the most important thing is not to interact with it. Even clicking on a link or opening a file to see what is in it can have negative consequences. The best option is often to simply delete the message or hang up on the phone call. If the phone call is from a genuine source they will understand you saying you need to hang up and phone them back from their number which you can find online. You will also want to inform people so that you can help prevent other people falling for the scams:

  • Your IT team – your IT team may be able to block incoming messages like this if they identify their source. Do not forward the email to the IT team in case someone accidentally opens it. Let them know the details of it, if they need to see it they will likely be able to retrieve it.
  • Action Fraud – Action Fraud is the UK’s national reporting centre for fraud and cyber-crime. You can let them know about a phishing campaign on their website which is located here:
  • HMRC – if the scam is specifically impersonating the HMRC then they would like to know about it. You can report this to them via email: [email protected] making sure to include details of it such as date, time and phone number that you were called from.

Q. I’ve fallen victim to a scam, what should I do?

A. If this happens you should immediately contact your bank to see if they can protect your account and prevent or reverse any transactions. The first 24 hours is critical to mitigating any damage. Depending on what information was given away you should also:

  • Reset passwords to your accounts – if you have been asked to log-in to or apply for something, you should reset your passwords. Many people use the same passwords for different things and so if you have gone to apply for aid by creating an account with a scam then they may use that password for other accounts.
  • Phone the police – phishing is a crime. You should report this to the police on 101.
  • Have your computer checked – if the phishing attempt was through your computer you should have it checked by a competent IT person. It may be that malware was installed which can have more persistent implications.
  • Report it – using the links from the previous section. By reporting these to the relevant people we can help protect others from falling victim.
  • Check if you can get your money back – many payment services now have protections in place for these kinds of things. You can look over some in detail on the citizens advice website here:

Phishing has been around for a long time. In times of crisis there will always be a surge as threat actors look to take advantage of the ill-informed or those in a tough position looking at every option. If you are concerned about this and would like some specific advice on how to protect yourself and your business please get in touch: [email protected]

For more information about how we can help please read our cyber security services guide

Back To Top