Covid-19 fraud

Fraudsters are always looking for new opportunities to target your business – and the Covid-19 pandemic is no different. Here are some of the tactics to look out for.

There are a number of coronavirus-related scams and malware campaigns in the UK, which are designed to encourage you to give away sensitive banking and personal information, or download malicious files onto your personal or work devices.

Here are a few simple steps you can take to keep your details, and your business, safe from fraud.

Buzzwords to look out for

Be extra vigilant if you receive emails, texts, calls or letters claiming to be from, or containing links to, these organisations:

• Centers for Disease Control & Prevention (CDC)
• Global Health Centre
• Organizzazione Mondiale della Sanità (OMS)
• Shipping company customer service teams
• Updates from presidents of corporations
• World Health Organisation (WHO).

You should also take care if you get any emails that mention coronavirus, especially if they also reference:

• A link for an app that tracks the virus using an interactive map
• Business working conditions or policies
• Campaigns raising money for research into cures, or funds for victims
• Information about hospitals in affected areas
• Mortgage repayment holidays or rent relief
• Parcel shipping cancellations
• Refunds from airlines or entertainment bookings
• Money transfer requests for victims trapped abroad
• Services claiming they can diagnose coronavirus
• Tax refunds from gov.uk
• Websites where you can buy coronavirus masks, test kits, sanitiser gels or protective equipment.
   

Ways to stay safe

If you get an email like the one we’ve described above:

• Don’t click on any links or download or open any attachments
• Don’t enable macros in any attachments
• Don’t enter or provide your personal information, bank details, usernames or passwords
• Don’t forward it to colleagues or reply to it.

If you get a message that looks relevant to something you’ve bought or a service you use, it’s still best not to reply, but contact the company claiming to have sent it via a different method you’re confident is secure – like a phone number or email address shown on its official website. For banks, you can contact your relationship team.

Invoice and impersonation fraud

Fraudsters will be looking for opportunities to exploit any vulnerabilities in your processes while your staff are working remotely. Make sure you and your colleagues stay vigilant, wherever they are working from.

If your teams are using their own devices, remind them of best practices such as keeping their software up to date, using secure wifi and running anti-malware and anti-virus software. If your business is able to, you and your colleagues should consider the use of a virtual private network (VPN).

Make sure that any urgent or unusual payment requests – including changes to the details of a beneficiary – are checked on a known and trusted number before making the payment. Even if the request appears to come from a contact within your own company, it’s still important to check first.

What to do with a suspicious message

Remember that your bank may ask you for some information, but will never ask for your full password or PIN, provide you with details to make a payment, or request that you grant them access to your systems or PC.

If you get an email or text that claims to be from us but looks suspicious, please forward it, along with any attachments if possible, to internetsecurity@barclays.com.

Visit our fraud protection hub for further details on how to help keep your company safe from fraud.

Read related insights