Fraud might be the last thing on your mind during this crisis, but sadly criminals will take advantage of any situation. This is no different with the coronavirus pandemic.
We all need to be alert to the heightened risks of fraud during this time.
The types of fraud that we all need to be alert to, like mandate fraud, might be even more of a risk while most people are working remotely.
1. Application fraud
Unfortunately local authorities already receive false applications for a variety of services including benefits, housing, and social care funding. With new government grants available, it’s expected that further fraudulent applications will be received.
This might be individuals misrepresenting their circumstances, or third parties impersonating legitimate businesses to obtain grant money. Please be vigilant and attempt to verify the information provided where possible.
This is a common scam, but criminals are targeting people with coronavirus related messages that appear to be from genuine organisations. According to Strategic Risk Europe, phishing attacks in March were up 667% compared to February.
You might have seen warnings about scams targeting members of the public through text messages. They appear to come from ‘UK Government’, advising that people are either due a payout or have been issued with a fine. Both take you to links which ask for bank details.
Phishing attacks are also targeting organisations in an attempt to gain financial information or passwords. One scam involves an email about a Covid-19 e-learning package for health professionals. The email contains a link which takes you to a website spoofed to look like the Office 365 sign-in page.
Another phishing email that people have reported asks for charity donations to support the NHS. Bank details are provided which belong to the fraudster, and official information about Covid-19 is used to lend legitimacy to the request.
If you receive a suspected phishing attempt, forward it to your IT team who can block the email. These attacks are randomised so it isn’t always possible to block the emails.
Be vigilant when receiving emails and if in doubt, don’t proceed. Information to help spot phishing emails can be found at the National Cyber Security Centre.
Whaling is similar to phishing but involves targeting a senior member of staff. A criminal will impersonate this senior officer and request that an urgent payment is made. Usually they will provide bank details for a fake ‘creditor’ which are actually the fraudster’s own bank details. This is also known as mandate fraud.
The disruptions to normal work life could mean that criminals see more opportunities to exploit payment systems. If you receive such a request, please be extra vigilant and verify the authenticity of the request by calling or emailing your senior officer directly.
You could also verify the request by contacting the creditor with the details you have on file. Don’t attempt to verify it by replying to the original message – most will be made to appear genuine but will contain false information. Scrutinise email addresses and the content of the email carefully to check everything looks correct.
4. Invoice fraud
During any periods of staff absence, efforts should be made to maintain separation of duties. Be careful not to share passwords that allow colleagues to approve any transactions or invoices on your behalf.
In preparing for potential staff absence, review the individuals authorised to place and approve orders, and ensure that you have adequate cover. If necessary, review and update schemes of delegation.
5. Supplier fraud
In early 2020, several websites were created to sell supplies in high demand such as face masks, cleaning products and hand sanitiser. If you have a regular supplier whose items are out of stock, please take extra care when ordering them from another provider.
There is a risk that these websites are fraudulent and the goods will never be delivered, or the goods supplied will not be of the required standard.
6. Purchase cards
Corporate purchasing cards are issued or used by the named card holder and sharing of cards is not permitted. Where controls are relaxed, this can result in unauthorised transactions and a lack of accountability. Please be vigilant and aware of the risks in this area. If you need additional cardholders, contact your finance or procurement team.
7. Malware and ransomware
With most people working remotely, cyber criminals may take advantage and try to install malware on your computer. Never download anything or share remote access to your computer in response to a cold call. If in doubt, check with your IT team through the official channels.
Malware refers to any malicious software installed on a device which may steal or delete its contents. Ransomware is a type of malware that locks the system or data and demands payment for its release.
Perhaps the most well-known example is the ‘WannaCry’ attack in 2017, which cost the NHS an estimated £92 million.
- Covid-19 business grants scam affecting councils
- Email scams – what’s the difference between phishing and whaling?
- Protecting yourself from ransomware
- Using data analytics to find fraud and error in the micro grants scheme
If you become the victim of a scam, report this to Action Fraud and contact your bank immediately.
Veritau provides counter fraud services to many public sector bodies, from local authorities to housing associations. Get in touch with the fraud team at email@example.com or report fraud affecting your organisation on 0800 9179 247.