Coronavirus and fraud

Universities, Consortia and the wider Higher Education sector are responding valiantly to the outbreak of coronavirus / covid-19 in the UK.

As contingency plans are activated and teams across institutions transition to working from home for what could potentially be a prolonged period, it is important to remember that criminals will almost certainly look to utilise this situation as an opportunity to commit fraud.

• IT systems are being accessed remotely;
• Approval processes are being undertaken remotely;
• Requirements may genuinely be urgent and / or non-standard.

Fraud examples exploiting coronavirus

Unfortunately we have already seen instances of phishing emails and bogus contact via text, phone, whatsapp and social media; HMRC have highlighted examples of these scams here, and the BBC have covered a number of frauds here.

Phishing

The National Cyber Security Centre (NCSC) guidance on spotting and dealing with phishing emails is here; it is worth familiarising yourself with the NCSC top tips, such as:

• Is the design and overall quality what you'd expect from the organisation the email is supposed to come from?
• Is it addressed to you by name, or does it refer to 'valued customer', or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
• Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
• Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?

NCSC have also provided guidance on preparing your organisation and staff for working from home which can be read here.

Bank mandate fraud

Institutions should ensure that their policies and procedures for processing invoices and making payments are being followed, especially in the exceptional circumstances that we find ourselves in.

Fraudsters will be attempting to use any opportunity to make false changes to supplier bank account details or to gain self-service payroll access to divert payments.  Always check via a phone call to a known contact or the member of staff should you receive any such requests.

Supplier fraud

Fraudsters will also be attempting to use the current situation to commit supplier fraud by ordering goods or services on an institutions account.  The University of London have produced some excellent guidance on identifying fraudulent emails and purchase orders which can be read here.  Do bear in mind the following top tips in addition to those highlighted by NCSC:

• An incorrect domain name will be used to send emails and purchase orders.
• The delivery address may or may not be a University address. Fraudulent addresses will typically be a domestic residence or a self-storage facility, often not anywhere near the University, or, the delivery address may be a genuine University address, which is later changed or redirected.
• Use of a false or unknown contact from the University may be used or the e mail may use names of the University’s senior management team or Board of Trustees as contacts.
• Various quantities may be requested but many will be for large orders.
• Orders may request to ship priority or overnight.

Resources

If you become aware of a fraud, be it related to coronavirus or not, please do share it on the discussion boards here to raise awareness with colleagues from across the sector - you can always post anonymously should you require.

We also have a number of counter fraud resources on the BUFDG website here.

Our dedicated HEPA coronavirus response page is available here.

Finally, KPMG are running a webinar on Friday 27 March focused on Coronavirus related cybercrime – you can register here.