Covid-19

The Fraud and Security Management Service have been made aware of fake ‘phishing’ emails circulating, offering PCR tests for the Omicrom variant of Covid-19. The emails include NHS branding and contain links to official looking websites. However both the emails and the associated websites are fake. If accessed, the website asks the user to enter personal details (for delivery of the tests) and requests payment.

You are reminded to never follow links in emails from unknown senders. To order Lateral Flow Covid-19 tests (there is no separate test for the Omicrom variant) then go to the NHS website:

https://www.gov.uk/order-coronavirus-rapid-lateral-flow-tests

If you have symptoms, PCR Covid-19 tests can be ordered from:

https://www.gov.uk/get-coronavirus-test

Further information regarding email fraud can be found on our website here and information to protect yourself against cyber-fraud can be found here.

The Fraud and Security Management Service have been made aware of ‘phishing’ emails being sent to private accounts, regarding the Test and Trace Payment Scheme, which offers relief to those on low incomes that have to self-isolate.

The email was sent from a Hotmail account registered in Spain and included a hyperlink to enable the recipient to “Claim support online”. Had it been followed the link would have taken the recipient to a spoof site which would have then harvested personal information and banking details for the purposes of identity fraud.

It is advised to treat all unsolicited emails and texts with extreme caution and it is best practice to NEVER follow a link in the email.

Further details on the Test and Trace Support Payment Scheme can be found on the Gov.uk website here.

There is further advice available on this site regarding Cyber Crime and Email Fraud.

It has been reported that posters with razor blades attached have been placed in hospital sites. It is believed that those opposed to the wearing of masks and the vaccine are responsible.

If you see a poster displaying a similar message please take particular care in removing it and report the incident to your organisation’s Local Security Management Specialist.

The Department of Health and Social Care have reported a Covid vaccine passport scam email that purports to be from the NHS and informs recipients that they can apply for their “Digital Coronavirus Passports”.

Opposite is a copy of the Neighborhood Watch flyer that has been produced to raise awareness with NHS employees and the public. This flyer can be shared with, relatives, the public and your work colleagues.

Clicking on the link within the email, takes you to a convincing but fake NHS website that asks for personal and payment details (for an admin fee). The website has since been taken down but with most scams of this nature there is likely to be others created.

Your vaccination status is obtained FREE through the NHS App, website or by calling the NHS on 119. More information can be found on the gov.uk website: 

https://www.gov.uk/guidance/demonstrating-your-covid-19-vaccination-status-when-travelling-abroad

If you have any concerns regarding correspondence from the NHS you should seek to verify it, whilst being mindful that NHS departments and GP’s may take some time to respond during the national emergency.

If you receive a bogus email simply delete it. You can also right click on the email and under ‘junk’ options you can block the sender from contacting you again.

Attempted frauds can be reported to the Police by contacting Action Fraud. You can also refer to further advice from your Fraud and Security Management Service on cyber-crime or email fraud.

If you have any concerns or questions regarding the content of this alert please do not hesitate to contact your Local Counter Fraud Specialist.

Further advice on protecting yourself from common scams can be found here.

The BBC report that criminals are taking advantage of the Covid pandemic to recruit those with financial difficulties to unwittingly launder money.

It has been reported that instances of Romance Fraud have risen during the coronavirus pandemic with £68 million lost to such scams in 2020.

Romance Fraud occurs when people are scammed out of cash by a criminal pretending to want a relationship, normally online. The fraudster will maintain an ‘online’ relationship for a long period, in some cases many months, in order to gain the trust of the victim, before revealing a harrowing or desperate story that needs funds they don’t have to resolve. Money might be needed for medical treatment, or to save their home, or even to travel to ‘meet’ the unsuspecting victim. There may be a request to borrow money with a promise to repay, followed by frequent requests for more money with no repayments ever being made. By the time the victim realises that they have been defrauded they can have lost thousands, or even tens of thousands of pounds, often from their life savings.

While not affecting the NHS directly, being a victim of such a fraud can directly affect the individual’s mental health.

It has been reported that a conspiracy theorist that posted pictures of Queen Alexandra Hospital on social media claiming that the hospital was not busy and coronavirus was a hoax, has been issued with a Community Protection Notice (CPN) by the Police. The CPN bans her from entering several hospitals except with an appointment or in a medical emergency.

The woman had previously been given a £200 fixed penalty notice for making upsetting and false social media posts about the hospital.

It has been reported that a new type of scam email purporting to be from the NHS is circulating, which notifies the recipient that they have been chosen to receive the coronavirus vaccine.

The email asks the recipient to click a link, which then takes the user to a fake website (which contains NHS branding) where the user has to select an option as to whether they will accept the invitation.

If the invitation is accepted, the user is directed to another webpage which asks for further personal details, including the patient’s mother’s maiden name and their banking details. This webpage also contains false NHS branding.

This email is fraudulent. The NHS are not contacting patients for vaccination appointments by email and would never ask for personal details such as mother’s maiden name or banking details.

If you receive such an email simply delete it. You can also right click on the email and under ‘junk’ options you can block the sender from contacting you again.

The BBC have also provided information on this issue.

If you have any questions regarding correspondence from the NHS you should seek to verify it, whilst being mindful that NHS departments and GP’s may take some time to respond during the national emergency.

Attempted frauds can be reported to the Police by contacting Action Fraud.

You can also refer to further advice from your Fraud and Security Management Service on cyber-crime or email fraud.

It has been reported that scammers are taking advantage of the coronavirus pandemic by targeting savers with online adverts claiming their money will be invested in Covid-19 ‘vaccine bonds’. The adverts emailed to potential victims falsely claim that a US bank will invest their money in drug company Pfizer, which manufactures one of the coronavirus vaccines in use in the UK. Personal data is requested, including the applicant’s telephone number and an upload copy of their passport or driving license for “anti-money laundering” purposes. The one-year fixed-rate bonds promise a return of 4.2 per cent for people with a minimum of £10,000 to invest.

The NHS Counter Fraud Authority have issued a poster warning of the new variants of fraud that have been occurring relating to the Covid-19 vaccination. The poster warns of fraudulent emails and text messages leading to false websites, scam telephone calls and unauthorised home callers.

Click on the poster to download it, please share with colleagues, friends and relatives.

It has been reported that Portsmouth Police have fined a social media user who had posted photos of Queen Alexandra Hospital and had falsely claimed that the hospital was not busy with Covid-19 patients.

Mark Cubbon, the Trust’s Chief Executive, branded the posts as disrespectful to staff working hard to look after Covid-19 patients.

The person responsible was traced and given a fixed penalty notice under the Health Protection (Coronavirus, Restrictions) Regulations 2020.

It is reported that fraudsters are sending fake text messages about the Covid-19 vaccination in an attempt to obtain banking details.

The BBC report that the Police are hunting a man who took money from a 92 year old woman and injected her with an unknown substance.

The public have been warned to be on high alert to fraudsters seeking to exploit the news of the Pfizer vaccine to attempt to steal information. Cyber security experts have urged people to be careful of unsolicited telephone calls, text messages and emails from anyone offering to reserve them a jab of the new Pfizer vaccine.

Pfizer have said that, if successful, the vaccine will not be able to be bought privately.

Simon Fell, the Chairman of the All Parliamentary Group on Cyber Security, said that it was extremely likely that scammers would seek to take advantage of the news of the vaccine which could prevent coronavirus for up to 90 per cent of people

It has been reported that the Government’s National Cyber Security Centre (NCSC) dealt with 194 coronavirus-related incidents involving ‘hostile states’ and ‘criminal gangs’, which led to the overall number of serious attacks reaching a record of 723.

The newly created service where anybody could report a suspicious email to NCSC at [email protected] has received an astonishing 2.3 million emails, which, the agency has said, has resulted in 22,000 internet sites being taken offline.

The extra threat posed by state and criminal hackers meant that NCSC dealt with 10% more incidents in the year to 31 August, the highest level since the organisation was first formed in 2016.

Ransomware incidents – where a hacker disables an IT system or steals sensitive data and demands a payment for restoring or returning it (such as the wannacry attack in 2017 that impacted the NHS) saw a 300% increase in the past year.

Further information on protecting yourself and the NHS against cyber crime is available on the Fraud and Security Management Service’s cyber crime webpage.

A new COVID Fraud hotline has been announced by the Police in partnership with Crimestoppers.

If you suspect any kind of fraud affecting the NHS then you should still contact your Local Counter Fraud Specialist or the NHS Counter Fraud Authority in the first instance.

However, concerns about Covid related frauds against any other part of the public sector can now be reported by calling 0800 587 5030. More information is available at www.covidfraudhotline.org.

Councils in England and Wales have issued a warning that the public may be targeted by scammers pretending to be NHS test and trace workers.

Key workers have been warned to be on the lookout for fraudulent insurance deals after a man was accused of targeting NHS staff as part of an alleged car insurance scam. The IFB and City of London Police have urged key workers to be wary of online deals offering significantly discounted cover, warning that victims could be left significantly out of pocket. Last week a London subject was arrested on suspicion of operating a ghost broking scheme and was accused of offering discounts on the fraudulent scheme to NHS workers via social media.

A report from the Credit Industry Fraud Avoidance Service (CIFAS) states that more than one in ten UK adults have fallen victim to COVID-19 fraud: Opportunistic criminals are using COVID-19 to their advantage, having successfully scammed more than one in ten Brits out of about £556 each — collectively costing the nation £3.6bn.

A survey of 2,000 UK consumers found that 23% had been targeted by digital fraud between March and May of which 12% was Coronavirus related. Email and telephone fraud appeared most popular methods at 29% of reported cases each, while 12% of cases were carried out in person. 18% of cases related to requests to donate money for PPE, 16% related to donating to companies claiming to offer a cure for the virus while 16% related to buying goods in short supply that were not delivered (e.g. toilet roll or hand sanitiser.

A recent article on the BBC website details the many different types of Coronavirus related frauds that have been reported.

These shocking numbers demonstrate the need to remain vigilant, if you receive any kind of suspicious request for money or information you should contact your Local Counter Fraud Specialist.

The BBC have published an article giving advice on how to tell if a ‘trace and track’ call is genuine, with advice on how to spot false and fraudulent calls.

A charity has warned that organised criminals will be exploiting loneliness during lock-down to take money from romance scam victims.

The National Fraud Initiative database website includes a warning for staff working at home to be wary of conducting confidential work calls or web-meetings within ‘earshot’ of Alexa or other similar devices.

Many of these devices are sound activated and recordings are retained, so confidentiality issues need to be considered. It is recommended that the microphones on such devices are deactivated before any such calls or meetings, or consideration is given to siting the unit in another room.

Organisations should consider including this advice in any working from home guidance and Communications Policy.

It has been reported that a text message scam targeting users of the NHS Coronavirus tracing ‘app’ has been identified and users are warned to be vigilant.

The Centre for the Protection of the National Infrastructure (CPNI) have posted some security advice on their website for consideration during the Covid-19 pandemic, including a document called ‘Personal Security During a Pandemic’.

A Portsmouth man has been charged with assaulting an emergency worker after coughing at a Police Officer and claiming that he had Coronavirus. A report of a second similar incident in Portsmouth can be viewed here. Meanwhile an Isle of Wight man has been jailed for six months for doing the same thing.

The BBC have reported that law enforcement agencies report an unprecedented number of scams linked to the Coronavirus pandemic.

It has been reported that the Coronavirus pandemic has resulted in millions of scam Coronavirus emails being blocked by Google every day.

Hampshire Constabulary have issued new advice on the many and varied Coronavirus-related scams that have been reported to Action Fraud.

Reports are being received that the Covid-19 outbreak has seen a sharp rise in reports of theft of items such as scrubs, face masks, gloves and in particular hand gel / spirigel hand sanitiser. There have even been anecdotal reports of wall mounted dispensers being pulled off the wall and of the units and refills appearing for sale on eBay. While some items have to be left in public view (hand sanitiser for example) care should be taken to ensure that stocks are stored securely and usual best practices for managing and securing assets are followed.

The vulnerable are being targeted by unscrupulous scammers taking advantage of the Covid-19 pandemic, a report warns.

The Fraud and Security Management Service have produced a risks document which provides useful web-links and current information and guidance for all NHS organisations and their employees on how to spot and tackle the emerging fraud and security threats from the COVID-19 outbreak. The landscape will continue to evolve at a fast pace over the next 6-12 months and therefore our fraud and security management web pages will be a useful resource for all of our clients to assist them in understanding and managing the risks going forward. Download the COVID-19 Fraud & Security Risks Document.

Click to download

An alert from the NHS England Controlled Drugs Team issued on 25th March warned of an increased risk of the theft of controlled drugs and outlined measures that should be taken.

If you have not received the alert please contact either the NHS England Controlled Drugs Team or your Local Security Management Specialist.

Any drug thefts should ordinarily be reported as a crime via 101 and to your Local Security Management Specialist, BUT if there is any risk to yourself or others then in an EMERGENCY please continue to dial 999.

Hampshire Constabulary have issued the following alert:

“We know many of you may be working from home today, helping to #StayHomeSaveLives, so we wanted to share the following advice from our Action Fraud colleagues.

As more people work from home due to #COVID19, fraudsters may capitalise on slow networks and IT problems, to commit computer software service fraud.

Be wary of cold calls or unsolicited emails offering you help with your device or to fix a problem.” More information here.

Click to enlarge

Click to enlarge

The NHS Counter Fraud Authority has issued the latest Government Counter Fraud Function Guidance on anti-fraud action to be taken to mitigate the risks posed by the virus.

On 14th March 20020, Hampshire Constabulary issued a Crime Prevention Update which included reports of increased CV-19 related crimes.

Click to download

Click to enlarge

A warning from Action Fraud has been issued regarding increased CV-19 related fraudulent activity.