- Security TWENTY
- Women in Security Awards
The Covid-19 pandemic and the economic packages to cushion the disruption have led to a spike in fraud. In the United States, the FBI reports that it has seen a spike in fraudulent unemployment insurance claims complaints, involving the use of stolen personally identifiable information (PII).
Citizens from several states have been victimised by criminals impersonating them and using the victims’ stolen identities to submit fraudulent unemployment insurance claims online. The criminals obtain the stolen identity by online purchase of stolen PII, previous data breaches, computer intrusions, cold-calling victims as a scam, email phishing, physical theft of data from victims or others, and from public websites and social media accounts. Criminals will use third parties or persuade individuals who are victims of other scams or frauds to transfer fraudulent funds to accounts controlled by criminals, the FBI adds.
The Bureau adds that many victims of identity theft related to unemployment insurance claims do not know they have been targeted until they try to file a claim for unemployment insurance benefits, receive a notification from the state unemployment insurance agency, or are told by their employer that a claim has been filed.
Meanwhile in the UK, the counter-fraud trade association Cifas reports emails claiming to be from a Senior Director from Microsoft, and claiming that an online email beta test was carried out and the recipient’s email address was selected to receive a payment from a ‘Microsoft Coronavirus Relief Fund’. Recipients are asked to open an attached JPG file to view details and receive further information on how to claim this fund.
As Cifas points out, fraudsters go to great lengths to make emails look genuine, and so it is important that people never share financial or personal information if they cannot confirm the legitimacy of the sender.
Cifas has learned of a new phishing campaign targeting homeworkers, as fraudsters send emails to employees offering coronavirus training resources ahead of their return to the workplace. These emails specifically target Office 365 users, and include a link asking recipients to register for the training.
Cifas is reminding employees to take a moment to stop and think before responding to requests for personal or financial information, even if they believe it is from their employer. Anyone that has received a suspicious email can report it to the UK’s official Suspicious Email Reporting Service: firstname.lastname@example.org.
Taxpayers have reported receiving fake text messages purporting to be from HMRC informing them they are due a tax refund which can be applied for via an official looking website. This spoofed site uses HMRC branding and is headed ‘Coronavirus (COVID-19) guidance and support’, and asks users for information including government gateway login credentials before requesting their passport number or national insurance number as ‘verification’.
Cifas is advising taxpayers to be suspicious of texts, emails or calls claiming to be from the government offering financial help or tax refunds, and visit GOV.UK to check out how genuine schemes operate.
Nick Downing, Chief Intelligence Officer for Cifas, said: ‘Despite the fact that the lockdown is beginning to ease, criminals continue to look for ways to use the COVID pandemic to steal money and information from innocent members of the public. Don’t be tempted to let your guard down at this time, and always question the legitimacy of unsolicited emails, texts and calls. Stay vigilant and remember that criminals work quickly and regularly change tactics, so the scams you see today most likely won’t be the ones you’ll see tomorrow.’
Anyone in the UK that believes they have been the victim of a scam should contact their bank or financial service provider; and report the fraud to Action Fraud on 0300 123 2040 or www.actionfraud.police.uk.