From fake pets to brushing scams, Alison looks back at a bumper year of scamming.

2020 has been many things, including what could be described as the “Year of the Scam” (copyright – me… no citation to support this! :-).  Cyber criminals and fraudsters have really gone to town this year and it’s fair to say that the Covid-19 pandemic has certainly captured their imagination.  

A reflective look back through the 21 editions of the Cyber Resilience Bulletin reveals a timeline of scams which evolved as the pandemic moved through its stages, tracking the things that were concerning us as the time passed.

Looking back to April 2020, we saw the first of the Corona-related scams… these took the form of counterfeit PPE and Covid-related quizzes, which were an attempt to harvest our credentials and personal information. Moving on to May, there was a rise in phishing promotions, including ones purporting to be from supermarkets offering “free” money. We also saw a big increase in Mandate Fraud, designed to take advantage of changes in processes that we implemented to manage working from home.

We have seen some really scummy scams, capitalising on people’s emotions… fake “you have Covid” texts, an increase in romance fraud and some horrid pet scams where fraudsters were purporting to have pets for sale which, when you have paid a (large) deposit, never seem to materialise.

By June, the slight relaxation of lockdown life meant some of us were able to spread our wings and get away on holiday. Up popped vacation related scams including fake holiday refund websites and properties to book that didn’t exist when you got there – not the best start to a hard- earned break! The return of Premier League Football brought about payment scams for fans watching online and, for the non-football fans amongst us, we observed live concerts which were being streamed having their donation links spoofed and the donations intended for charities being syphoned off into the hands of criminals.

We saw a new angle on the traditional HMRC related variety (did you know that HMRC is the most impersonated organisation for scams in the UK?). Covid gave us scams around the HMRC job retention scheme, the bounce back loan project and student bogus refund scams.

August saw some odd scams… with Brushing scams, people reported receiving some unexpected and unordered deliveries which contained the strangest of things… items like seeds and pieces of cheap jewellery. The aim of the brushing scam is to create legitimate transactions which allow for fake reviews to be posted, thus improving the credulity of an e-retailer. Good reviews are a bonus for fake retailers – they help present an image of a bonafide, trusted store which, added to an amazingly reasonable price, can create a compelling narrative for a would-be purchaser.

Scams, fraud and cyber crime are big business. Since 1st April until 1st December, 231,607 reports were made tothe National Fraud Intelligence Bureau (NFIB) worth a massive £1.4 billion in losses to individuals and organisations. A lot of this money raised not only lines the pockets of unscrupulous individuals, but also finds its way to Serious and Organised Crime gangs

Fast forward to December and do we find cyber criminals kicking back and enjoying the festive season? Alas, no… Christmas shopping is a prime time for cyber-crime… starting on Black Friday, Cyber Monday and running all the way to that last-minute present dash on Christmas Eve. It is such big business that the National Cyber Security Centre (NCSC) have updated their guidance on shopping safely online with this new article.

Spotting scam emails is becoming increasingly difficult. However, there are some tricks that criminals will use to try and get you to respond without thinking. The NCSC has advice on how to spot the most obvious signs of a scam, and what to do if you’ve already responded. If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service(SERS) at report@phishing.gov.uk 

Sadly, shopping is not the only area where we may get scammed this December… 2020 has seen a surge of delivery scams with people getting emails purporting to be from Parcelforce, Royal Mail, DPD and many others, indicating that they are unable to deliver a parcel.  Victims are encouraged to click on links which download malicious software or submit a payment due to a number of failed delivery attempts. 

Action Fraud are reporting that some criminals are posting delivery cards through letterboxes, encouraging people to contact a number to re-arrange delivery.  The first 10 seconds of the premium rate call racks up at £315 charge… definitely one to avoid.   

Re-reading this, it all seems like doom and gloom, but there are many ways of staying safe online.  An important message is shared by our friends at Take Five…  basically, take a step back and consider if what you are being asked to do is reasonable.  There is a lot of advice available on scams – educate yourself and your family on the current scams by subscribing to the weekly newsletters by Trading StandardsWhich? And of course, the excellent Cyber Resilience Bulletin.  

And the really golden rule to live by… if it seems too good to be true, it probably is – do bear that in mind before you click on that bargain!  

Wishing everyone all the best for a safe, secure and happy online Christmas 2020.