Criminals prey on coronavirus fears to steal £2m

By Paul Lynch
BBC Shared Data Unit

Laptop and credit cardImage source, Poike

About £2m has been lost to coronavirus-related fraud in the UK as criminals look to cash in on the crisis.

At least 824 people have fallen victim to Covid-19 scams this year, according to latest figures from Action Fraud.

Experts say criminals are playing on virus fears and posing as official sources to obtain details from people seeking compensation.

A fraud expert told the BBC criminals were trading "templates" on how to defraud people on the dark web.

And analysis shows more than 70,000 "malicious" websites have also sprung up since the global pandemic was declared.

Image source, Action Fraud
Image caption,
Action Fraud has reported a number of scams relating to the sale of fake medical products.

Guidance issued by the National Cyber Security Centre (NCSC) has detected "more UK government branded scams relating to COVID-19 than any other subject," since the start of March.

There are now 2,500 they are aware of, ranging from fake offers of tax rebates to bogus medicines.

The organisation says criminals are primarily targeting people with Covid-19 related "phishing" emails.

These attempt to make individuals hand over personal or even bank details, usually by clicking on a link first.

One particular scam asks Android users to download a "coronavirus tracker app" to see cases in their area.

In fact, it installs ransomware - a type of software aimed at stealing information - on the user's phone.

Emails may "spoof" organisations such as the World Health Organization (WHO) or an individual with "Dr" in their title, the NCSC says.

A known scam purports to be sent on behalf of the government and is offering payments to people "as part of its promise to battle Covid-19".

Image source, Colin Holder
Image caption,
Security expert Colin Holder says criminals are likely to be using landlines to target individuals during the crisis

The National Crime Agency (NCA) says fraudsters are "adapting their behaviour under lockdown."

As a response it says it is "redoubling" its efforts to bring them to justice and is deploying more officers online.

So far, the NCA has taken down six web domains known to be exploiting the virus.

However, one expert believes criminals are also exploiting the fact that people are at home by calling landlines.

Founder of the Fraud Alert website and former Metropolitan Police detective, Colin Holder, is one of many security experts who monitor dark web criminal forums for signs of new scamming methods.

Often criminals will share "templates" or guides showing how to crack passwords and defraud people.

He said they would now look to cash in on landline numbers they may have purchased in recent years.

"They are trading a vast amount of mobile numbers every day, but a lot of people now don't answer mobile numbers they don't recognise," Mr Holder said.

"If you are at home, you are very likely to answer your landline - so we have seen home numbers being traded quite consistently. This is the time they will look to use them.

"Criminals never want to spend money, but where else can you get someone else's home phone number from now?"

Mr Holder said criminals will often start the call with the home occupant's name to "lull" them into a conversation.

"Then if they have some data from an official source it makes them sound legitimate," he added.

Mr Holder said criminals may not even ask for a bank account - they may be looking for a piece of information that could lead to a password or the answer to a commonly used security question such as "mother's maiden name".

Image source, Sean McGrath
Image caption,
Sean McGrath of says the number of malicious websites launched during the crisis has reached 80,000

Editor of the website Sean McGrath has compiled a list of newly registered websites linked to phishing scams or considered "malicious" by security companies since the outbreak.

In January, there were 1,772 new URLs registered worldwide. In March that jumped to 62,771.

They include website titles such as "" and "".

Many appear to look legitimate and feature the same wording and branding as the World Health Organisation.

"At the very least the websites are spreading misinformation," said Mr McGrath. "They are part of campaigns that want to spread a message that is disingenuous.

"At the other end these are sites that, by getting you to download something, are installing malware or ransomware on your computer.

"The criminality is spreading at the same rate as the virus itself."

Mr McGrath said the websites work by preying on a need for information in a time of crisis. Most are sent out as a link in a phishing email.

How to stay safe?

Action Fraud has urged people to watch out for scam emails that appear to be from official sources and to research sites before buying goods online.

It says you should also always install the latest software and app updates to protect devices from the latest threats.

For more advice on internet shopping visit the Action Fraud website.

For information on how to update your device, head to the NCSC's dedicated page.