According to data obtained from a Freedom of Information inquiry conducted by the Lanop Accountancy Group, Her Majesty’s Revenue and Customs (HMRC) is investigating 10,428 email, SMS, social media, and phone scams exploiting the Covid-19 pandemic.
The highest rate of phishing scams occurred shortly after many countries went into lockdown in May with 5,152 reports to HMRC from members of the public and businesses, up from just 133 in March. Likewise, June saw a large increase in scams with more than 2,500 reports. HMRC also removed nearly 100 fraudulent websites in the same timeframe. These domains would often request several pieces of the user’s sensitive information before also requesting their passport number as ‘verification’.
Interestingly, Stav Pischits, CEO of Cynance, a Transputec company, noted that “Classic non-technical cyber attacks, such as social engineering are still among the most effective ways for criminals to steal personal data from individuals and businesses. These schemes often prey upon the natural vulnerabilities of victims by offering financial support and discounts, in exchange for handing over ‘registration details’, such as bank account numbers and personal data.”
Cyber security expert Chris Ross, SVP International, Barracuda Networks, commented:
“With HMRC offering a range of financial support packages for businesses and individuals during the pandemic, it’s no surprise that hackers have chosen to exploit the crisis in an effort to cash-in on Covid-19. These scams are often cleverly designed with official branding are incredibly realistic, coaxing unsuspecting victims to hand over confidential information such as bank account details, usernames and passwords.
With many people still working remotely for the foreseeable future, it’s vital that businesses ensure each and every member of staff is properly trained to spot these kinds of scams and the necessary cyber security systems are in place in place to identify and block suspected malicious communications, before it reaches the inbox. All it takes is a single victim to hand over important data, and hackers can gain access to critical company systems, allowing them to wreak havoc and steal data. We know from previous attacks on the NHS that hackers will exploit any situation for their own gain, so vigilance against phishing is key during this difficult time.”