Action Fraud, the UK’s national fraud and cyber crime reporting centre, has announced that more than 2,000 Brits lost more than £4.6 million to coronavirus-related scams such as fake online sales, bogus pension plans, and bogus cold calls.
Cyber criminals and fraudsters exploiting the COVID-19 pandemic to launch phishing and smishing campaigns have also defrauded a further 11,206 people in the UK since the viral outbreak reached the UK’s shores.
Thousands of people across the UK were victimised through these fraudulent coronavirus-related scams even though the National Cyber Security Centre launched a Suspicious Email Reporting Service in April. The service allows Internet users to report suspicious emails so that fake online shops offering coronavirus-related items, malware distribution websites, phishing sites seeking personal information such as passwords or credit card details, and sites used to run advance-fee fraud campaigns can be traced and shut down.
Within two weeks of the launch of the Suspicious Email Reporting Service, the British public flagged over 160,000 suspicious emails, many of which were fake offers of testing kits and face masks. Thanks to active reporting, the government’s cyber security experts were able to trace and take down over 300 bogus websites.
In a period of thirty days between March and April, NCSC also removed more than 2,000 online scams related to coronavirus that included:
- 471 fake online shops selling fraudulent coronavirus-related items
- 555 malware distribution sites set up to cause significant damage to any visitors
- 200 phishing sites seeking personal information such as passwords or credit card details
- 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment
Earlier this month, security firm Proofpoint also found that cyber criminals are now setting up phishing websites that mimic those of organisations associated with COVID-19 financial assistance in order to steal Internet users’ credentials and personal information.
Phishers have been creating duplicates of domains belonging to numerous governments and trusted non-governmental organizations such as WHO, the UK government, HMRC, the government of France, the government of Canada, the U.S. Internal Revenue Service, and Centers for Disease Control (CDC).
“Easily more than half of the 300+ COVID-19 phishing campaigns we’ve observed since January 2020 are focused on capturing user credentials. Credential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting.
“The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials,” the firm said.
In its Q1 2020 Top-Clicked Phishing Report, security firm KnowBe4 revealed in April that coronavirus-related scams increased by 600% in the first quarter of the year, with 45 percent of all phishing attacks asking Internet users to either check or type in their passwords on malicious domains that spoofed legitimate ones.
The second most popular phishing attacks used COVID-19-related themes to create urgency and anxiety among recipients worldwide. The rest of the phishing attacks mainly targeted social media users and asked potential victims to check their emails for new login alerts, password resets and unauthorised access alerts.