NATIONAL CSSC Fraud Advisory Panel Bulletin…

CURRENT COVID-19 FRAUD RISKS
• Phishing emails (generally)
• Payment diversion / mandate fraud
• Identity fraud
• Misinformation campaigns (esp. ‘cure’-related)
• Malware attached to coronavirus trackers
• Online shopping fraud (esp. pets who the fraudsters claim are in quarantine)
• Investment fraud
• Pension liberation fraud
• Data breaches (esp. unsecure video conferencing systems and failing PCI DSS)
• CEO fraud

ANTICIPATED AND/OR EMERGING ISSUES
• Spread of misinformation about coronavirus cures. For example in the Middle East an email purporting that methanol is a cure led to at least 700 deaths.
• Government support scheme frauds (incl. business interruption and the small business fund).
• Serious Organised Crime Groups using COVID-19 as a hook for future frauds.
• Increases in pension and investment frauds linked to the economic recovery.
• Phishing emails related to the Self-Employment Income Support Scheme (SEISS).
• Bogus claims for the CV Job Retention Scheme (CJRS).

SOME SIMPLE PREVENTATIVE TIPS
• Suspicious emails should be sent to the NCSC at report@phishing.gov.uk
• Fraud Advisory Panel help-sheet on invoice fraud. Available here.
• The ICAEW IT Faculty is running a free webinar on 12 May on ‘five steps to cyber hygiene for the smaller firm’ which will include the latest COVID-19 guidance from the National Cyber Security Centre, available here.
• When using video conferencing platforms:
o Use additional security (such as 2FA).
o Do not share confidential information.
o Follow Zoom guidance on best practice.
o Follow the NCSC best practice guidance