IWASP

Business Scams

Malicious email attachments, false government grant phone calls and CEO impersonation scams are among a raft of scams undermining businesses as a result of the COVID-19 pandemic. The increasing risk has led National Trading Standards to launch Businesses Against Scams, this is a free online training tool to protect businesses, employees and customers from costly scams.

With remote working and many businesses having to stop or diversify their trading practices, criminals are seizing the opportunity to target employees who are isolated from colleagues. Scams include criminals impersonating government officials or a senior member of the business in order to put pressure on employees to give out sensitive information or make payments.

Criminals will also try and gain access to businesses devices and networks, and everything stored on them. They can do this by:

  • Sending emails with malicious attachments;
  • Exploiting vulnerabilities in your operating systems if they are not up-to-date;
  • Trying to get you to click links or visit malicious websites.

Once they have access to your device and your data, they may try to steal your data or extract money from you by getting you to pay a ransom.

At a time when businesses are already facing challenges posed by the coronavirus pandemic, the proliferation of related scams are adding further strain on businesses. This includes scams directly targeting businesses – such as tax refund frauds – which can lead to significant financial losses for businesses.

Scams targeting customers also undermine businesses, as criminals often impersonate businesses to defraud their customer base, causing reputational damage and potential loss of business. The emotional and mental impact on employees and business owners who have fallen victim to a scam can also be devastating and long-lasting.

The increased risk for businesses has led National Trading Standards to encourage more businesses to join Businesses Against Scams. The initiative provides free tools for businesses to help upskill and train their workforce, through free online training modules that will help staff identify and prevent potential scams.

 

Four common scams targeting businesses include:

Government grant/tax refund scams – A business is contacted by phone, email or post by government imposters suggesting the business might qualify for a special COVID-19 government grant or a tax refund. Variations on the scheme involve contacts through text messages, social media posts and messages.

Businesses should be cautious about unexpected urgent communications offering financial assistance. Check that the information is genuine by using official government websites.

Invoice/mandate scams – A business may be contacted out of the blue by someone claiming to be from a regular supplier. They state that their bank account details have changed and will ask you to change the payment details.

Never rush a payment. Use contact details that you have used before to check that it is genuine.

CEO impersonation scams - A sophisticated scam that plays on the authority of company directors and senior managers. An employee receives a phone call or email from someone claiming to be a senior member of staff – they ask for an urgent payment to a new account and instil a sense of panic. Scammers may even hack a staff email account or use spoofing software to appear genuine.

Be cautious about unexpected urgent requests for payment and always check the request in person if possible.

Tech support scams – With more people working remotely and IT systems under pressure, criminals may impersonate well-known companies and offer to repair devices. Criminals are trying to gain computer access or get hold of passwords and login details. Once they have access, criminals can search the hard drive for valuable information.

 

Email Scam - HSE

Trading Standards are warning businesses to look out for an email purporting to be from the HSE. The email states that the HSE have received a complaint about your company regarding possible violations during the lockdown period. There is an Excel spreadsheet attached which they state contains details of the complaint – Do  not open this attachment. We have had confirmation from the HSE that this is a SCAM

Coronavirus Payment Email

Trading Standards are warning businesses to be aware of a new scam, it purports to come from the HMRC and reads –

 

Dear  customer ,

Your recent Coronavirus Job Retention Scheme application has been rejected or recalled .

Summary of reject justification : “the claimant is in arrears ”.

Please see the document attached for more details and a full report on your application .

We have also included the application you made in original .

See the document attached for contact information regarding your case officer .

Note : if the application has already been paid or loan granted funds will have to be returned .

 

Scammers are using the Coronavirus and our concerns to prey on our vulnerabilities at this time

 

DO NOT open the attachment – delete the email straight away

Remember take five minutes to: 

Stop - Taking a moment to stop and think before parting with your money or information could keep you safe.

Challenge - Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.

Protect - Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.

Always be suspicious of cold callers. Genuine companies would never call out of the blue and ask for financial information.

 More information relating specifically to Business Scams can be found on the Business Companion web pages.