Covid-19 scams: how the pandemic has been Christmas for fraudsters

Stress, bewilderment and panic are all a rational response to the Covid-19 crisis that have the side-effect of leaving people more vulnerable than they normally would be to exploitation by opportunistic fraudsters.

Garda figures released earlier this month show online fraud increased by 55 per cent and phishing complaints rose 45 per cent in the period March 1st to May 31st compared to the same time last year.

There is an obvious explanation: new circumstances, new payments and new procedures have opened up new avenues for unscrupulous criminal operations. As Europol executive director Catherine De Bolle put it, the pandemic “brings out the best but unfortunately also the worst in humanity”.

Some scams are, of course, less convincing – and less grammatically sound – than others. One recent flurry of surely 100 per cent unsuccessful emails assures newspaper journalists they are eligible for a cash bonus the likes of which haven’t been seen in the industry in several decades, if ever.

We all think we’re too clever to fall for a scam. But some attempts at phishing – the practice of luring people into giving away financial information that can then be used to defraud – are highly sophisticated, and fraudsters only need a small proportion of their targets to be too trusting or unthinking at that exact moment in time in order to sustain the whole shady business.

So what’s been going on and what should people look out for as a matter of course?

‘Smishing’ warnings

The Revenue Commissioners and the Department of Employment Affairs and Social Protection are the two highest-profile public organisations that have been impersonated in recent months as part of phishing attempts made via SMS (text messages). Phishing by SMS is sometimes referred to as “smishing”.

In the Department’s case, the texts began almost as soon as the economy shut down. Members of the public received messages from an unknown number telling them they were entitled to the Covid-19 pandemic unemployment payment and to clink on a link marked “socialwelfareireland”. When the recipient clicks on the link, they are then asked to provide their bank account details.

The Department has advised the public that such messages are scams and that they shouldn’t click on the link or reply to the text. Anybody who provided information in response to the fraudulent texts should contact their bank immediately.

Revenue has reminded people that it never sends text messages requiring the provision of personal information via links, pop-up windows, reply texts or email

It added that it never requests bank account or any other financial institution account details from its customers by phone or by social media. Neither does it seek to clarify or check this information over the phone. Bank account information is only accepted as part of a written application to the Department.

Revenue profiles

There has also been “ongoing circulation” of a number of scam text messages purporting to come from the Revenue, which similarly contain a link to a fraudulent website seeking personal information from taxpayers.

As a result, the Revenue has reminded people that it never sends text messages requiring the provision of personal information via links, pop-up windows, reply texts or email, and that taxpayers using its online services should always access them through Revenue.ie. This is important as some mocked-up websites used by phishing operations will very closely resemble the real thing.

Regrettably, these scams do yield success for those who perpetuate them. The Revenue last month informed 3,000 taxpayers that as a result of information provided by them, personal details held in the user profile of their Revenue myAccount may have been accessed by fraudsters.