The email is immediately threatening. “I know every dirty little secret about your life,” it begins. “To prove my point, tell me, does [REDACTED] ring any bell to y?u? It was one ?f your passwords.”
The message goes on to inform recipients that the sender knows where they live, to whom they talk and how they spend their days, before delivering the punchline: “You need t? pay me $4,000. You’ll make the payment via bitcoin … If I do not get the payment: ? will infect every member ?f your family with the coronavirus.”
Welcome to the underworld of Covid-19, which, depending on your stance, can be viewed either as the greatest public health and economic emergency for a century, or a chance to scam a fortune from a captive market under effective house arrest.
The email is a variation of so-called “sextortion” scams, where people are blackmailed with the threat of their X-rated photos being sent to their family and friends (inevitably, a few pay up). Now, the latest coronavirus iteration has been intercepted by the internet security company Sophos.
Research by the group has also found that the volume of coronavirus email scams nearly tripled in the past week, with almost 3% of all global spam now estimated to be Covid-19 related. Attackers are increasingly impersonating the World Health Organization (WHO) and the United Nations, Sophos said.
Chester Wisniewski, the firm’s principal research scientist, said: “Cybercriminals are wasting no time in shifting their dirty, tried-and-true attack campaigns towards advantageous lures that prey on mounting virus fears. Criminals often dip a toe in the water when there is a new or sensational topic in the news.
“[In] one of the spam campaigns we tracked this week, there was evidence of exactly that … The main body of the email pretends to come from [a WHO email address] with ‘health advice’ in the attachment, but when we carefully inspect the plain text body, we see it matches a previous spam campaign from [a familiar] criminal.”
The email spam campaigns are typically designed to obtain individuals’ personal information, which can then be used by criminals to steal funds. However, the range of different scams is far wider than rogue emails.
Neil Tyson, the director of the consultancy Fraud Management Resource Centre, said: “Criminals will use the telephone, text messages, email, post or knock at the door. They will exploit all five of those. People will knock at doors selling fake test kits or fake cures. People will claim to be acting for the local authority, saying we need contact details in case of emergency. There are examples of that.”
Indeed, the Chartered Trading Standards Institute is currently warning the public not to open their doors to bogus healthcare workers claiming to be offering “home testing” for the coronavirus.
Its concerns have been mirrored at the Bank of England – where it is understood that senior figures have been expecting a rise in fraud because of the Covid-19 pandemic for weeks – as well as by similar warnings from a range of UK bodies including the Financial Conduct Authority, the National Cyber Security Centre, the National Crime Agency and Action Fraud.
The latest figures from Action Fraud show there have been 105 coronavirus-related reports since 1 February 2020, with total losses reaching nearly £970,000.
These figures do not include the email phishing scams – and, presumably, many other cases that have gone unreported – but the majority of the recorded cases concern online shopping scams where people have ordered protective face masks, hand sanitiser and other products that have never arrived.
Other frauds being reported include ticket fraud, online dating fraud, charity fraud and lender loan fraud.
An Action Fraud spokeswoman said: “While fraud reporting levels into Action Fraud have not increased, we have seen a number of different scams circulating relating to Covid-19 … Criminals are also using government branding to try to trick people, including using HMRC branding to make spurious offers of financial support through unsolicited emails, phone calls and text messages.
“This situation is likely to continue, with criminals looking to take advantage of further consequences of the pandemic, such as exploiting people’s financial concerns to ask for upfront fees [on] bogus loans; offering high-return investment scams; or targeting pensions.”
The lengths that some criminals will go to is proving quite extraordinary.
Last week, the Department for Education warned of a scam email asking parents of children eligible for free school meals for their bank details, so that their child could still receive meals during school closures.
Adam French of the consumer rights magazine Which? said: “This marks a new low in the abhorrent tactics we have seen fraudsters using to exploit the ongoing coronavirus crisis, which has unfortunately created the perfect breeding ground for scams.
“The best way for consumers to protect themselves is to remain vigilant and take extra precautions before clicking on any unsolicited emails, texts or answering calls. Make sure your computers, mobile phones and tablets are supported by the latest security updates, and consider installing antivirus software to minimise threats.”
Aside from the frauds that are already in operation, others will undoubtedly emerge, as scams travel almost like a virus. Some fear that law-abiding people who have been plunged into financial difficulties because of the pandemic may also be tempted to try their luck.
A spokeswoman for the Association of British Insurers warned: “Experience shows us that – in times of austerity – insurance fraud (along with many other forms of fraud) tends to increase. This may lead to individuals – and owners of failing businesses – being tempted to commit fraud.
“We are [also] aware of several insurance scams that are beginning to emerge in the US, including … bogus Covid-19 health insurance [where] scammers are pitching low-cost health insurance, promising full coverage at affordable prices.”