How to fight back against COVID-19 scams

Share this post

Online crime gangs were quick to capitalise on Coronavirus. So much so that almost 3% of global spam is estimated to be Covid-19 related, according to internet security company Sophos, and 36% of people in the UK have been contacted by scammers since the start of the pandemic, according to Citizens Advice.

So, in this dangerous era its important to be aware of the most familiar scams that have been re-booted over the last few months so that you can keep yourself and your business safe.

Push payment fraud

Push payment fraud is known by a variety of names, including CEO fraud, bogus boss fraud or business e-mail compromise. It’s when criminals impersonate company executives to trick employees into making payments to accounts they control. And it cost UK businesses alone nearly £140 million in 2019, says UK Finance.

Criminals are putting a Covid-19 spin on the fraud by asking businesses to transfer money to accounts supposedly at the Bank of England. We’d advise verifying all requests for transfers, bank or personal details with the organisation or individual making the request using established contact details. Do not reply to the e-mail or use the telephone numbers provided — they may be fake.

Consider introducing two-factor authentication for the corporate e-mail system to raise the bar against criminals. And be wary of what you post to social media, company websites and out-of-the-office messages. It’s easy for fraudsters to create a targeted e-mail from such information.

Advance fee fraud

Victims are asked to pay a fee upfront before receiving stock, refunds, rebates etc. The scammer collects the money and disappears. Covid-19 related advance fee frauds include selling non-existent medical supplies, landlords purporting to offer retailers a rent deferral in return for a 10% down payment, and fake offers of government assistance, grants and tax rebates.

Know the habits of your suppliers and business partners. Then you’ll stand a better chance of spotting out-of-the-ordinary requests or sudden changes to business practices. If in doubt, double-check with a colleague even when working from home. Check sender e-mail addresses by hovering the mouse cursor over them. Also check they are spelt correctly and come from a corporate account rather than a free e-mail service, such as Gmail or Yahoo.

Tech support, software and fake anti-virus scams

With more employees now working from home, businesses face a higher risk of being defrauded by phishing and malware attacks. This is when criminals send e-mails that look like they come from trusted sources, such as the IT department.

The e-mails claim that it’s time to upgrade software or anti-virus protection. But really, the criminals want recipients to click on links or open documents that contain viruses or divulge login details or passwords.

Awareness that such scams exist is half the battle. If you’re not expecting the e-mail or don’t know the sender, delete it without reading. Don’t click on links or open attachments. If you’re responsible for IT network security, consider e-mail filtering, network segmentation to protect against compromised devices and strong authentication for more secure areas.

Unusually large orders, new ‘customers’, fake creditors

We live, work and trade in unusual times. Nonetheless, be on your guard for new customers placing large repeat orders. Fake creditors are also making the most of Coronavirus cash flow issues. They contact businesses claiming that they are owed money or chasing late payment. They may even threaten legal action, arrest or removal of goods to cover the value of the debt for good measure.

Criminals are unscrupulous. In uncertain times, they prey on people’s emotions, whether that’s fear, desperation, generosity or greed. Being aware of their techniques to guard against them is half the battle in protecting yourself and your business.

By Koen Vanpraet

CEO of PXP Financial

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?