Covid-19 scams: how the pandemic has been Christmas for fraudsters

‘Smishing’, fake charities and parcel delivery wheezes have all done the rounds

The pandemic has been Christmas for fraudsters
The pandemic has been Christmas for fraudsters

Stress, bewilderment and panic are all a rational response to the Covid-19 crisis that have the side-effect of leaving people more vulnerable than they normally would be to exploitation by opportunistic fraudsters.

Garda figures released earlier this month show online fraud increased by 55 per cent and phishing complaints rose 45 per cent in the period March 1st to May 31st compared to the same time last year.

There is an obvious explanation: new circumstances, new payments and new procedures have opened up new avenues for unscrupulous criminal operations. As Europol executive director Catherine De Bolle put it, the pandemic "brings out the best but unfortunately also the worst in humanity".

Some scams are, of course, less convincing – and less grammatically sound – than others. One recent flurry of surely 100 per cent unsuccessful emails assures newspaper journalists they are eligible for a cash bonus the likes of which haven’t been seen in the industry in several decades, if ever.

READ MORE

We all think we’re too clever to fall for a scam. But some attempts at phishing – the practice of luring people into giving away financial information that can then be used to defraud – are highly sophisticated, and fraudsters only need a small proportion of their targets to be too trusting or unthinking at that exact moment in time in order to sustain the whole shady business.

So what’s been going on and what should people look out for as a matter of course?

‘Smishing’ warnings

The Revenue Commissioners and the Department of Employment Affairs and Social Protection are the two highest-profile public organisations that have been impersonated in recent months as part of phishing attempts made via SMS (text messages). Phishing by SMS is sometimes referred to as “smishing”.

In the Department’s case, the texts began almost as soon as the economy shut down. Members of the public received messages from an unknown number telling them they were entitled to the Covid-19 pandemic unemployment payment and to clink on a link marked “socialwelfareireland”. When the recipient clicks on the link, they are then asked to provide their bank account details.

The Department has advised the public that such messages are scams and that they shouldn’t click on the link or reply to the text. Anybody who provided information in response to the fraudulent texts should contact their bank immediately.

Revenue has reminded people that it never sends text messages requiring the provision of personal information via links, pop-up windows, reply texts or email

It added that it never requests bank account or any other financial institution account details from its customers by phone or by social media. Neither does it seek to clarify or check this information over the phone. Bank account information is only accepted as part of a written application to the Department.

Revenue profiles

There has also been “ongoing circulation” of a number of scam text messages purporting to come from the Revenue, which similarly contain a link to a fraudulent website seeking personal information from taxpayers.

As a result, the Revenue has reminded people that it never sends text messages requiring the provision of personal information via links, pop-up windows, reply texts or email, and that taxpayers using its online services should always access them through Revenue.ie. This is important as some mocked-up websites used by phishing operations will very closely resemble the real thing.

Regrettably, these scams do yield success for those who perpetuate them. The Revenue last month informed 3,000 taxpayers that as a result of information provided by them, personal details held in the user profile of their Revenue myAccount may have been accessed by fraudsters.

Although the cybersecurity of the Revenue’s systems hadn’t been breached, taxpayers had “unwittingly” compromised the security of their profile by providing details such as their PPS number, date of birth and myAccount password. Fraudsters could potentially have obtained bank details through this route.

Celebrity impersonations

Some scam artists don’t fancy pretending to be Government departments or financial institutions, opting instead to invoke the name of a trusted celebrity. In March, coronavirus opportunists came for singer Daniel O’Donnell, impersonating him on social media in a fake account targeting his fans and asking them for donations to help the fight against Covid-19.

O’Donnell warned fans that this was an online hoax and that the account had been reported to An Garda Síochána. Anyone who donated was urged to contact the gardaí or the relevant law enforcement authority in their country.

The Department confirmed fraudsters were seeking bank details over the phone from those  they were targeting
The Department confirmed fraudsters were seeking bank details over the phone from those they were targeting

The singer, who doesn't communicate directly with fans on Facebook, WhatsApp, Instagram or any social media platform, described the scam as "horrendous to see at this difficult time for everyone", and the warning remains prominently displayed on his website.

More Covid scams

The pandemic has led to a surge in demand for certain goods, an explosion in remote working – often involving computers that don’t have up-to-date antivirus software – and an uptick in people using online banking services for the first time.

This gives fraudsters multiple opportunities to take advantage of consumers, according to the Banking and Payments Federation of Ireland (BPFI). Its fraud awareness initiative FraudSmart has highlighted some of them, including the scourge of "fake suppliers" taking payment but not delivering items such as face masks. These scams often target businesses that urgently need a large supply and pay up out of desperation.

Businesses can also be victims of invoice redirection fraud, where they receive a fraudulent email or letter claiming to be from an existing supplier or creditor. It posits that the bank account details for the payment of future invoices should be made into a different account. The BPFI’s advice to recipients is to telephone the known contact, but not to use the details on the email or letter requesting the change – look it up independently instead.

Other Covid-themed scams have seen fraudsters who allege to be researchers from the World Health Organisation claiming they can provide a list of active infections in a particular area. But it will only do so for people who either make a payment into a Bitcoin account or click on a dodgy link that releases malware onto their devices to extract usernames and passwords for email and bank accounts.

WhatsApp messages offering “banking advice”, requests to dial premium phonelines and calls from fake medical or charities asking for urgent money transfers are some of the others doing the rounds.

Some behaviours, such as cold-calling, high-pressure selling tactics or the offer of deals too amazing to refuse, should trigger suspicion straight away

Another variety of phishing sees people told their mail item is being held because of an overdue payment and they must click on a link to have it released. Some of these delivery scam texts have recently carried the An Post logo, prompting An Post to remind customers that "constant vigilance is required" as the sources of the scams and the methods used by scammers "change all the time".

Clone firms

The age-old business of trying to hoodwink people with investment opportunities that are too good to be true is, alas, still with us.

Legitimate companies or individuals offering financial services and products in the Irish market must by law have authorisation from the Central Bank of Ireland. It is a criminal offence not to do so.

The Central Bank maintains a list of the more than 400 unauthorised firms uncovered since 1998 on its website and anyone with information about such firms or individuals can contact the regulator on 01 224 400.

The regulator has highlighted a disturbing trend, however, of unauthorised firms increasingly “cloning” the details of real, regulated financial companies “to add an air of legitimacy to their fraud”. They may even quote authorisation numbers or company registration numbers, provide links to seemingly legitimate websites and cite the real address of an authorised firm.

Last month, the Central Bank warned about six such unauthorised firms: Yves Kapital Trading (also known as YK Trading Inc, YK Trading Ltd and Yk Trading GMBH), Alan Davis Management, Westwood Investment Funds, Strategic Investment Funds, Rentrix Global Transfer and Hedge Invest International. They all have similar names to authorised firms.

Take, for example, Alan Davis Management. This was an unauthorised operation using an address in London and the now-defunct website alandavismanagement.com. It cloned the website of a firm authorised by the Central Bank while also invoking the name of Alan Davis, a firm authorised by the UK’s Financial Conduct Authority with an address in Belgium. There was no connection or associated between the unauthorised entity and the two firms it cloned.

It is easy to see how people might be tricked. However, some behaviours, such as cold-calling, high-pressure selling tactics or the offer of deals too amazing to refuse, should trigger suspicion straight away.

The Central Bank recommends checking its register of authorised firms before dealing with any firm and also making independent inquiries, ringing firms back directly using their advertised phone number rather than an unknown mobile. Anyone who is the victim of an unauthorised firm should report it to their own bank, the Central Bank and the Garda, not least since victims of scams and frauds are more likely to be targeted again.

“This could be weeks or years after the original scam or fraud took place,” the Central Bank advises. It happens because fraudsters trade contact databases known as “sucker lists”.

People should think twice when receiving messages apparently from friends or acquaintances with dubious links or requests for money

Sometimes victims will be given what seems like a chance of correcting their mistake and recovering the money lost on the original scam or fraud in exchange for a fee, but this is usually an attempt to extract even more money.

Critically, there is no redress for people who lose money to unauthorised firms, as they are not covered by the Investor Compensation Scheme.

CCPC advice

While victims of scams should always contact their bank or card provider and the Garda, the Competition and Consumer Protection Commission (CCPC) has a role in making consumers scam-aware.

As well as never giving out personal, bank or credit cards to unknown parties or indeed businesses that should already have that information, people should think twice when receiving messages apparently from friends or acquaintances with dubious links or requests for money, the CCPC warns. These are often the result of hackers using the friend’s email or social media account.

It pays to be wary of missed calls from numbers with international prefixes, it adds, as when recipients return the call it turns out to be a premium rate number with an extremely high rate. It suggests checking the prefix online to see which country it came from – if you don’t typically have any contact with that part of the world, it will most likely be a scam.

While the majority of financial scams may take place online or over the telephone, it is still essential to keep bank and credit cards secure in our offline lives to avoid falling prey to lightning-quick card skimmers. This means never letting cards out of sight and never sharing PIN details with anyone.