Risk in Context

Is your organisation at risk from a COVID-19 scam?

Posted by Suzanne Hopkins June 24, 2020

The COVID-19 pandemic is certainly unlike anything we have seen before. Sadly, during these unusual times, cyber criminals are taking advantage where organisations and their employees may be at an increased risk to falling victim to scams.

It is important to ensure our colleagues and employees remain vigilant to the threat of fraud, especially cyber fraud. Many organisations have moved to a virtual environment and are managing business operations under the pressure of limited interaction or contact. This has exposed organisations to opportunistic cyber threats that benefit from an employee’s competing priorities in the home office or from the poor internet connection or stability.

A recent report from the Association of Certified Fraud Examiners titled ‘Fraud in the wake of COVID-19’ focused on exploring how the fraud risks have evolved and the impact the global pandemic is having on organisational anti-fraud programs.

Of those organisations that were surveyed, 75% said they already have encountered an increase in phishing through government impersonation, 71% reported seeing an increase in charity fraud and 62% reported seeing an overall increase in business email compromise scams.
Alarmingly 93% of respondents expect an increase in fraud over the next 12 months.

Increase in COVID-19 themed cybercrime

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) have posted a threat update on the evolving nature of COVID-19 related malicious cyber activity affecting Australian individuals and businesses.
Reports of various COVID-19 themed scams, online fraud and phishing campaigns have been reported with actors registering their themed websites to conduct widespread phishing campaign that distribute malicious software or harvest personal information from unsuspecting Australians.

A warning from the ACSC says those engaged in cybercrime activities continue to rapidly adapt their techniques in the current environment.
Remote access scams targeting people working from home
Cybercriminals have pounced on the opportunity to take advantage of people working from home with the ACSC warning businesses of the persuasive remote access scams. Reports suggest fraudsters pretending to be from IT companies, telecommunications companies, banks and even from the ACSC, are targeting businesses with the bogus scenario to ‘fix an issue’ with their remote access. It is important to remind colleagues and employees of the permissions or requirements for allowing someone to access your devices.

Tips to protect your organisation from phishing

As general advice, every organisation should invest in training their employees in fraud prevention. Communicating with your employees about the current fraud and cyber fraud schemes that are being reported will ensure your employees know how to report any suspicious activity. For best practices when handling emails, it is recommended employees:

  • Verify the sender and the email address – ensuring the spelling is correct.
  • Be cautious with clicking on embedded links. Verify that the website address is legitimate (official website with correct spelling). 
  • Scrutinize attachments and do not click or open.
  • Treat a message as suspicious if there is a stated or implied urgency to it.
  • Never allow an unidentified source remote access to your computer.

Fraudulent payments and business email compromise

A common fraud scheme that has reportedly seen success is the business email compromise scams, whereby attempts are made to convince an organisation and/or their clients to redirect payments such as payroll or supplier invoices. The target of this scam are organisations working with foreign suppliers or organisations that regularly perform wire transfers.

Tips to protect your organisation

  • Check spelling, tracking numbers, names, contact numbers, sender or URLs for legitimacy.
  • Verify any request to change bank details by contacting the supplier directly using trusted contact details.
  • Implement a multi person approval process for transactions over a certain dollar amount.
  • Invest in data analytics to increase detection of fraud, irregular transactions or anomalies in the payments process.

Check the following websites for further advice and an updated listing of current scams:
https://www.scamwatch.gov.au/types-of-scams/current-covid-19-coronavirus-scams
https://www.cyber.gov.au/news/covid-19-cyber-scams-mount-against-australians
https://www.cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity-20-apr-2020

These materials are not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained in the materials is based on sources we believe reliable but we make no representation or warranty as to its accuracy. Any modelling, analytics, or projections are subject to inherent uncertainty, and may be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. Except as may be set out in an agreement between you and Marsh, Marsh is not required to update the information and shall have no liability to you or any other party arising out of the information. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.

 

Suzanne  Hopkins

Senior Consultant, Strategic Risk | Client Advisory Services, Pacific

This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh on request.