As COVID-19 cases once again spike across the UK, the government has announced a new national lockdown.
As well as the ongoing pandemic, consumers need to remain vigilant against online scammers who are trying to take advantage of the situation and con the bored, lonely and vulnerable out of their hard-earned cash.
Scroll down for a look at five of the most common scams circulating, and tips on how to avoid falling victim to them.
Why has scamming skyrocketed in the UK during the pandemic?
Wherever there is an opportunity, scammers will undoubtedly strike. The COVID-19 pandemic has presented a new and unique set of opportunities for scammers to exploit.
The pandemic is an unprecedented global health and economic crisis that has fueled people's financial and health anxieties. Scammers are always looking to exploit people's natural fears, and the pandemic has increased these opportunities.
Whatever factors may be contributing to the surge in scamming activity during the pandemic, UK residents should be aware that it's happening, and should know what they can do to protect themselves from becoming victimized by a coronavirus-related scam.
The top 5 scams to look out for during the next lockdown in the UK, and how to avoid them
Let's look at the top 5 scams that you need to be aware of during the next lockdown. Below, we highlight how each scam works and what actions you can take to protect yourself.
HMRC Tax Rebate Scam
What it is:
The HMRC tax rebate scam is a classic phishing campaign that has been making the rounds during the pandemic, this is an email scam that should be on everyone's radar. Cybercriminals have been sending emails and text messages to UK residents telling the recipient they are eligible for a tax rebate because of the pandemic.
They design the emails to appear as though they are coming from the .gov website and they inform the recipient that they must click on a link or download an attachment to claim their tax refund under the government’s new coronavirus tax refund program.
The message may also show that recipients have a limited time to claim their refund, adding a sense of urgency in an attempt to make the recipient act quickly.
If the recipient takes action to claim their refund, however, they will either download malware onto their device via an attachment in the email or they will find themselves directed to a phishing site if they click on a link in the email.
The phishing site is designed to harvest personal information like the recipient’s full name, date of birth, address, phone number, mother’s maiden name, financial info, etc. The victim will be sending that data directly to a network of cybercriminals instead of to HMRC. And, of course, there is no tax refund.
Here's an example of a tax refund scam:
How to avoid it:
The most important thing to do to avoid phishing scams like the HMRC tax rebate scam is to never click on any links or download any attachments. It is also never advisable to respond to the message or to furnish the sender with any information whatsoever.
HMRC phishing emails can appear to be quite convincing at first glance, so it may be difficult to determine its authenticity if you don’t know what to look out for, so it is important to remember that HMRC will never contact UK residents via email regarding any tax refunds or rebates in the first place.
You can report the suspected scam directly to HMRC by forwarding the message to the agency at [email protected].
Amazon Email Scam
What it is:
As in the first lockdown, shoppers will have no choice but to turn to online purchasing for anything deemed 'non-essential'.
For many online shoppers, they may find that it’s difficult to keep track of everything they have ordered online. Cybercriminals will hope to pounce on this, sending phishing emails that appear to be coming from Amazon.
These phishing emails may claim to be an order confirmation message or maybe a notice that the recipient must update their payment details in order to complete an order for a product or service through the site.
Of course, the links in these emails will invariably lead to phishing sites where scammers hope unsuspecting victims will go to enter their personal information along with their credit card details or other financial data.
Any information submitted into fields on a phishing site will be sent not to Amazon, but directly to the criminals operating the scam.
How to avoid it:
If you notice an email coming from Amazon referencing an item or service you didn’t order, requesting that you update your payment data, or that looks suspicious in any other way, do not click on any links, open any attachments, or reply to the email.
These emails will appear to come from Amazon, but just like any other phishing email, will probably contain typos and other inconsistencies.
If you’re not sure if an email from Amazon is legitimate, rather than clicking a link, instead go directly to the Amazon website to check your account and order history there. If you suspect that an email message appearing to come from Amazon is fraudulent, you can report it to Amazon directly.
It’s also important to keep the following information from Amazon in mind:
Amazon will never send you an unsolicited message that asks you to provide sensitive personal information like your social security number, tax ID, bank account number, credit card information, ID questions like your mother's maiden name or your password. Amazon will never ask you to make a payment outside of our website and will never ask you for remote access to your device.
Here's an example of an Amazon account scam:
What it is:
Another classic. The DVLA scam aims to trick motorists into disclosing their personal and financial information by sending them emails claiming to be from the DVLA and informing them that their profile needs to be updated in order to avoid having their motoring license terminated.
The email contains a link to a form where the recipient is required to update their profile. The email even warns the recipient that "You must use your valid and official information to complete this form. Using any nicknames or short addresses can lead to rejection of this update”. However, recipients who submit their "valid and official information” will be submitting it directly to scammers instead of to the DVLA.
How to avoid it:
If you receive this email, remember it is not from the DVLA, since the DVLA will never ask email recipients to respond to an email or request their personal or financial information. The DVLA will also never include a link in any email for the recipient to click on. Instead, the agency will ask the recipient to visit gov.uk directly for further information.
If you receive a message claiming to be from the DVLA requesting you to click a link or submit any personal information, do not under any circumstances do so. Simply ignore and delete it.
Here's an example of a DVLA scam:
NHS Test and Trace Phony Contact Tracer Scam
What it is:
This is a particularly nasty scam in which criminals pose as NHS contact tracers in an attempt to steal bank details from unsuspecting victims, claiming the details are required to cover the costs associated with sending them a coronavirus testing kit.
The scam works like this: a fake contact tracer will get in contact with a victim typically via either phone or email and claim to be calling from the NHS track and trace scheme. The target is informed that they have been in close contact with an individual who has tested positive for COVID-19 and that they should self-isolate and take a coronavirus test. The scammer then requests that the target supply their home address along with their bank card details to pay for the testing kit.
That’s all the information a scammer needs to use those financial details as their own or sell them on the dark web to be used by other criminals. Either way, it leaves unsuspecting victims vulnerable to credit card fraud and unauthorized charges to their bank accounts.
How to avoid it:
It is important to know that NHS does not charge for any COVID-19 testing service. No legitimate contact tracer will ever ask you to supply them with your bank account or card details, passwords, or ask you to purchase a service or download any type of software.
All legitimate contact tracing calls will come from the following number: 0300 013 5000. If you receive a call from a contact tracer that asks for such details or calls from a different number, then your best bet is to hang up.
Never provide any personal or medical information to any caller unless you are 100% sure the caller is an official, legitimate contact tracer representing the NHS.
TV Licensing Scam
What it is:
When the first lockdown restrictions in the UK began to bite, people naturally spending more time in front of the TV as bars and restaurants across the country were closed. This meant scam artists started sending TV phishing emails to UK residents claiming there was an issue with their payment and their TV license would be terminated as a result.
In order to avoid having their TV licenses terminated and their information handed over to a debt collection agency, they urged victims to follow a link to enter their personal and financial information to pay the debt and retain access to their TV licenses. Some scam emails even promised a special COVID-19 offer.
How to avoid it:
There’s no reason to believe that cyber-criminals won't continue trying to push this scam, so UK residents need to keep an eye out for any emails TV Licensing. To avoid becoming victimized by this scam, don’t click on any link or supply the sender with any personal or financial information. As always, if you come across this scam or one like it, you can always report it to Action Fraud.
Here's an example of a TV Licensing scam:
Alternatively, you might see something like this:
Covid-19 Malicious Doman Checker
ProPrivacy have worked alongside WHOIS and VirusTotal to create a tool that checks websites for malicious content so you can stay one step ahead of the scammers and hackers. All you have to do is visit the page below and enter a website you're worried about, and we'll tell you if it has been flagged as a potentially dangerous website to visit.
Other scams to look out for
Unfortunately, these five are only the most common, and there are many others that cybercriminals will try to hook you with. They usually follow the same line:
- You must input personal/bank information
- You must act quickly (to create a sense of urgency)
- If you provide the information quickly, there will be a severe consequence (fines, contract termination, prison, etc).
Here's an example of a Netflix scam:
And a PayPal scam:
Online scams aren't going away as long as the public continue to fall for them, make sure you know how to protect yourself, and share this information with your friends and loved ones so they can protect themselves too.
- Don't click on any downloads or links
- Always check the sender
- Look for typos
- If in doubt, check with the relevant authorities