Please make sure you are using a supported browser. To find out more click here.

How to protect yourself from fraud during COVID-19

By Bryony Clear Hill, Associate Manager — Ethics Awareness, Association of International Certified Professional Accountants

As COVID-19 spreads around the world, fraudsters are taking advantage of the situation to launch new schemes designed at getting hold of your money.

Fraud is big business globally. recent PWC study found that almost half of companies had suffered at least one fraud, with over 10% of targeted organisations experiencing losses over $50 million.  

Here are some types of fraud you should look out for and steps you can take to protect yourself and your organisation 

Fake products 

One tactic that fraudsters are trying out is using the panic around coronavirus as a way to sell fake products.  

There have been reports of unlicensed medical products for sale around the world, including counterfeit face masks, unlicensed medications and fake testing kits. There have even been reports of a website selling anti-virus softwareclaiming it protects against the real virus. Other scams include people online selling in-demand products such as hand sanitiser which are paid for then never arrive.  

To protect yourself, you should only take medical advice from qualified professionals and government officials, and only buy goods from trusted suppliers. Organisations should avoid endorsing any medical products and instead point employees towards official guidance. Be suspicious of offers which seem like they might be too good, and if you think someone is selling fake products make sure you report it to the relevant authorities.  

Watch out for phishing 

Lots of people around the world have been targeted with phishing attacks over the last few weeks. Phishing is when fraudsters send a text or email designed to trick you into giving away personal information, such as credit card details.

 Fraudsters are taking advantage of the pandemic to make these phishing attempts look more genuine. Some people in the UK have received fraudulent emails and texts claiming to be from the government offering a tax refund. Others have been sent messages warning that they have been seen leaving the house too many times and must pay a fine immediately.   

Organisations are also at risk. Common tactics include fake payment orders with payment demanded immediately or emails appearing to be from senior managers that ask employees to send bank details.  

Now is the time to make sure you know how to spot a possible phishing attack.  

Some key red flags can help you spot a phishing attempt:  

  1. Check the email address — does it look real? Is it sent from a public domain email address like or  
  2. Are there any spelling mistakes or grammar issues in the email?  
  3. Would you expect this sender to ask for personal information? It is unlikely that the government or reputable senders would ask for you to send personal details via email.  

If you’re in any doubt as to whether an email is real, the safest thing to do is contact the apparent sender to check. Don’t just reply to the email — find a different contact method, such as a phone number.  

Be aware of malicious software 

Another increasingly common fraud involves emails that trick you into downloading malicious software. The user gets an email and clicks a link or opens an attachment. Without your realising, software is downloaded onto your computer that can track everything you do and steal personal information.  

One email that’s circulating appears to be from the World Health Organisation and offers information on COVID-19. In reality, its been sent by fraudsters and cybercriminals. When you open the attachment, it downloads malware onto your device. 

To protect yourself, make sure you check any links before you open them. Hovering over a link should bring up the full website address — does it look legitimate? Check the URL of the organisation yourself — does it match the URL in the email? Fraudsters will often make small changes to the URL in the hope that you don’t notice.   

When it comes to attachments, you should always be suspicious. Unless you personally know the person sending the email or are expecting an email with an attachment, you should probably avoid opening anything. Lots of antivirus software is available for individuals and organisations to scan attachments before opening.   

Be suspicious 

The main message right now is to be suspicious. Many of us are having to change the ways we work, and fraudsters are no exception. The tactics they are using to get hold of our data and money are likely to keep getting more inventive. Question everything and act with caution.  

The UK’s National Crime Agency recommends an easy 3-step process to help protect you and your cash: Stop, Challenge, Protect. Stop and think before you part with your personal details. Challenge if you are suspicious — fraudsters might try to pressure you into giving up information quickly so this can be a red flag. And protect yourself — if you think you have been scammed, contact your bank and the relevant authorities, such as Action Fraud in the UK.  

Find out more on how to protect your organisation in our new report Your guide to combatting financial crime.