24 March 2020 Ashley Shelbrooke, HEPA and Project Specialist
Universities, Consortia and the wider Higher Education sector are responding valiantly to the outbreak of coronavirus / covid-19 in the UK.
As contingency plans are activated and teams across institutions transition to working from home for what could potentially be a prolonged period, it is important to remember that criminals will almost certainly look to utilise this situation as an opportunity to commit fraud.
Unfortunately we have already seen instances of phishing emails and bogus contact via text, phone, whatsapp and social media; HMRC have highlighted examples of these scams here, and the BBC have covered a number of frauds here.
The National Cyber Security Centre (NCSC) guidance on spotting and dealing with phishing emails is here; it is worth familiarising yourself with the NCSC top tips, such as:
NCSC have also provided guidance on preparing your organisation and staff for working from home which can be read here.
Institutions should ensure that their policies and procedures for processing invoices and making payments are being followed, especially in the exceptional circumstances that we find ourselves in.
Fraudsters will be attempting to use any opportunity to make false changes to supplier bank account details or to gain self-service payroll access to divert payments. Always check via a phone call to a known contact or the member of staff should you receive any such requests.
Fraudsters will also be attempting to use the current situation to commit supplier fraud by ordering goods or services on an institutions account. The University of London have produced some excellent guidance on identifying fraudulent emails and purchase orders which can be read here. Do bear in mind the following top tips in addition to those highlighted by NCSC:
If you become aware of a fraud, be it related to coronavirus or not, please do share it on the discussion boards here to raise awareness with colleagues from across the sector - you can always post anonymously should you require.
We also have a number of counter fraud resources on the BUFDG website here.
Our dedicated HEPA coronavirus response page is available here.
Finally, KPMG are running a webinar on Friday 27 March focused on Coronavirus related cybercrime – you can register here.