Tel:+44(0)121 748 4600 Fax:+44(0)121 730 2745 Email: info@iaaf.co.uk Search
The Independent Automotive Aftermarket Federation

COVID-19: financial scams and cyber security

Date: Friday 19 June 2020

Cyber fraud and security for businesses
Criminals are taking advantage of Coronavirus and the package of measures to support people and businesses announced by the Government. They text, email or phone businesses offering spurious financial support or tax refunds.

These try to get financial and personal information or attempt to infiltrate computer systems to steal data or demand ransom.

HMRC has detected more than 95 Covid-related financial scams since March, most by text message. We have asked Internet Service Providers to take down more than 100 web pages associated with these frauds.

HMRC’s advice to businesses:

Stop: If you receive a request to make an urgent payment, change supplier bank details, or provide financial information, take a moment to stop and think.

Challenge: Could it be fake? Verify all payments and supplier details directly with the company on a known phone number or in person first.

Check GOV.UK for information on how to recognise genuine HMRC contact and how to avoid and report scams.

If you think you have received an HMRC-related phishing/bogus email or text message, you can check it against examples published on GOV.UK.

Protect: Contact your business’ bank immediately if you think you’ve been defrauded and report it to Action Fraud.

Use the latest software, apps and operating systems on your phone, tablet or laptop.

Update these regularly or set your devices to automatically update.

Forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599.

Remote working
Huge numbers of people working from home presents an opportunity for criminals to commit computer software service fraud, among other cyber crimes.

As IT systems are under increased pressure, and working more slowly, such offers of help gain credibility.

Practical steps
There are a number of practical steps businesses can take to reduce the risk to staff devices:

• Support people to use stronger passwords and set up two factor authentication
• Ensure staff know how to report problems, especially those related to security
• Create ‘How do I’ guides for new software and tools
• Use VPNs to allow users to securely access the organisation’s IT services
• Ensure devices encrypt data while at rest.

Data theft and malware
Criminals also try to gain access to business devices or networks by:

• Sending emails with malicious attachments
• Exploiting vulnerabilities in operating systems if they are not up-to-date
• Trying to get people to click links or visit malicious websites.

Once they have access to a business’ device, they might install malware or malicious software. This might lock the computer, or the data on it might be stolen, deleted or encrypted until a ransom is paid.

The National Cyber Security (NCSC) website offers information on steps businesses can take to protect device and operating systems and help educate employees.

Support and information:
• Read the NCSC’s Small Business Guide: Cyber Security for more advice on how to keep your business secure
• Some organisations allow staff to use their own devices to work remotely. The NCSC has published Bring Your Own Device (BYOD) guidance
• The NCSC’s working from home guidance
• The Global Cyber Alliance has created a Work From Home Community Forum support group where experts answer questions about security issues related to working from home