Protecting yourself against COVID-19 phishing scams

More people have been spending their time online under lockdown, whether to connect with family, carry out their work from home, or stay entertained with film and TV streaming sites.

Unfortunately, this uptick in internet usage has also led to a spike in reports of online scams, as criminals seek to take advantage of the unusual and stressful situation and persuade people to part with their money or personal information.

In response to this increase, the National Cyber Security Centre (NCSC) launched a new suspicious email reporting service on 21 April.

Since then, the service has received more than 160,000 reports of suspicious emails, leading to more than 300 sites being taken down.

Some of the scams identified included fake GOV.UK and TV licensing websites, as well as fraudulent offers of testing kits and face masks.

Earlier in the year, there were also reports of emails that claimed to be from HMRC, telling victims they could claim a tax rebate to help them deal with coronavirus.

Ciaran Martin, chief executive of the NCSC, said:

"While cyber criminals continue to prey on people's fears, the number of scams we have removed in such a short timeframe shows what a vital role the public can play in fighting back.

"I would urge people to remain vigilant and to forward suspect emails to us. If it looks too good to be true, it probably is."

If you receive a suspicious email, you can report it by forwarding it to

Stop, challenge, protect

The Home Office has also published advice for businesses and individuals to protect themselves against fraud and cyber crime. This is made up of three main steps:

Stop: Take a moment to think before giving away your money or information. Many scams work by rushing their victims, so they don't have time to notice any warning signs.

Challenge: Could it be fake? For example, if you receive a sudden email from a supplier asking for payment, be sure to verify their details by contacting the company you're dealing with directly.

Protect: If you think you have fallen victim to a scam, contact your bank immediately and report it to Action Fraud.

Other ways to protect your business

Cyber security is important at any time, and it's not limited to avoiding phishing attacks.

Now could be a good time to take another look at the measures your business has in place, and see if there are ways you could strengthen them.

Here are a few points to consider:

  • Are you and your staff using strong passwords?
  • Are your employees' account privileges limited, to minimise the damage if they did fall victim to a scam?
  • Does everyone in your business know the obvious signs of a scam? For example, poor grammar and spelling, threatening messages, or demands for immediate action.
  • Do you have up-to-date antivirus software and a working firewall?
  • If your staff use personal devices for work, or if you provide laptops, tablets or mobile phones for work purposes, are those secure?
  • Are you backing up your data on a regular basis?

Further guidance from the NCSC on cybersecurity for small businesses can be found here.