The email scams to watch out for during COVID-19
Posted on October 20, 2020
By Sam Holding, Head of International, SparkPost
The prolonged isolation and lockdown in the UK have already had a major impact on people’s lives and wellbeing.
According to the Office for National Statistics, more than 25 million people in the UK reported being affected by deep levels of anxiety in March 2020 only. It’s worth noting that younger people, aged 18 to 24, have been three times more likely to experience loneliness as a result of the lockdown, with a remarkable 44% feeling low, according to the Mental Health Foundation.
Isolation, loneliness, and uncertainty formulate the right setting for fraudsters to prey on unsuspecting victims. And that’s exactly what they did.
The size and impact of scams in the past few months is shocking. In April 2020, the National Cyber Security Centre removed more than 2,000 online campaigns pertaining to the current pandemic; while Action Fraud reported that more than £3.5 million has been stolen from the UK public in scams related to COVID, since lockdown began and by mid-May.
Sign up for our ‘cybersecurity and threat actors’ webinar on Wednesday 21st October – click below
Email scam – what else is new?
Of all the channels and tools fraudsters use, email has once again been exploited the most – being cheap, anonymous and impersonal enough to bear no great risk to the scammer. At the same time, email is widely spread and trusted by people of very diverse demographics. As physical spaces have been closed and many people have been working from home, email has become an (even more) indispensable and compulsory part of our daily routine.
While email has been a common platform for scams for a while, the context of the scams has recently been altered and modified, to reflect the current crisis, and manipulate people’s emotional and mental state. It is distressing to see how effectively fraudsters have grasped people’s needs and exploited their cravings for safeness and assurance.
Scam emails amid COVID often integrate practices that were used by businesses and public sector organisations to communicate changes to their policies or customer service. Apart from the old “safety information” emails we’ve seen so many times, fraudsters have also been using new context such as:
- Fake charity emails. The lockdown has triggered our sense of community, and many of us have been more open and supportive to others who may be more vulnerable; either health charities, or food banks, or NGOs supporting key workers. Scammers realised that very early, and scam emails asking for donations were sent to deceit trusting samaritans.
- VAT tax relief, TV license returns or council tax rebates. With several organisations adjusting their policies to accommodate the needs of small business owners and struggling customers, fraudsters have discovered new ground for defrauding innocent victims. Emails promising tax returns or other immediate financial benefits have been used extensively to get access to victims’ bank details and other personal information. The problem with some of these emails was that, generally, they were very well designed, making it hard to recognise the scam. Scammers used spoofing (headers that would make emails seem to be sent from a legitimate organisation), corporate jargon, as well as urgency links to “claim your council tax reduction now” – making the scam very hard to spot.
- Health protection emails. The current pandemic fuelled people’s need to keep informed, both through news media and social networking platforms. According to data extracted from SparkPost’s Competitive Tracker, “COVID” or “Coronavirus” themed subject lines fronting emails have seen a remarkable global increase in communications run by social networking companies, rising from 2,080 in February to a rocking 12,577 in March 2020. While companies like Twitter have been displaying an admirable level of responsibility and leadership though, scammers were sending malware emails with “critical information” about the virus prompting people to “click here to check how many people are infected in your neighbourhood.”
- Investors’ emails. Who doesn’t love a bargain? Emails inviting people to take advantage of the current economic downturn have been sent with “exciting investment opportunities” that were, of course, fake.
- eCommerce scams. Online shopping has lately become a necessity – and often was the only viable option for some people. The promotion of goods that are in high demand, such as hand sanitisers and masks, has been used for just another scam. Fraudsters have taken advantage of people’s panic as well as the replenishment issues that some retailers have experienced, for their benefit.
During May 2020, more than 160,000 phishing emails were reported to the National Cyber Security Centre. It’s almost certain that scammers will always find new and even more imaginative ways to con their victims.
This is not over, and companies should keep their workforce updated about new threats, particularly since many of them are being exposed to more risks.