More than £34.5m stolen in pandemic scams over past year

In a chilling reminder that the threat from cyber criminals persists at any time and that no institution is safe, even those charged with saving life during the pandemic, the UK's police forces have recorded more than 6,000 cases of Covid-related fraud and cyber crime since 1 March 2020, with the UK’s pandemic response infrastructure a regular target.

Data released by the City of London Police, the national policing lead for fraud and the organising body for Action Fraud and the National Fraud Intelligence Bureau, has revealed it had received 6,073 reports of coronavirus related fraud and cyber crime since 1 March 2020, resulting in losses totalling £34.5m.

It added that since the pandemic began, dedicated national fraud units have arrested 156 criminals believed to have been committing fraud during the national restrictions imposed as a result of the coronavirus pandemic, and taken down more than 2,000 websites, phone numbers and email addresses linked to frauds.

In total, the City of London Police received more than 416,000 reports of fraud and cyber crime with reports of online shopping fraud being at an all-time high since records began. The force revealed there has been an increase in online shopping fraud (42%) and romance fraud (20%) committed in the past 11 months, and a decrease (15.5%) in computer software service fraud. This, it said, shows the effect the pandemic has had on the type of fraud criminals committed.

Additionally, the force revealed it was faced with the new threat of coronavirus-related fraud and cyber crime. The data showed that the peaks of these reports occurred in April and May 2020, with another spike in January 2021, following a coronavirus vaccine phishing campaign.

“The past year has been incredibly challenging for every single one of us,” said City of London Police commissioner Ian Dyson. “Sadly, we have seen devious criminals taking advantage of the coronavirus pandemic as a means to commit fraud, often honing in on people’s anxieties and the changes that have occurred to their daily lives.

“Policing has had to adapt quickly to what is an ever-changing public health situation, but nothing has stopped us from pursuing these individuals and disrupting their activity,” he said. “We are committed to protecting the public from fraud and have worked closely with all our partners in law enforcement and the private sector to make arrests, gather evidence, and ultimately bring criminals before the courts.”

The City of London Police’s Intellectual Property Crime Unit (PIPCU) has also taken down several websites believed to be selling counterfeit goods relating to coronavirus such as testing kits and face masks.

Its Dedicated Card and Payment Crime Unit (DCPCU), another specialist fraud unit with a national remit, has also made a number of significant arrests related to coronavirus crime. The unit, comprised of officers from the City of London and Metropolitan Police and funded by the banking industry, has executed 99 warrants since the start of the pandemic and made 56 arrests, 27% of which were of criminals committing coronavirus-related “smishing”, phishing attempts delivered by SMS text message rather than via email.

Examples seen by the DCPCU during the coronavirus outbreak include messages purporting to be from the government, offering people financial support including one off payments and loans, and messages impersonating the NHS offering people the coronavirus vaccine. The unit has already seen 30 criminals convicted since March 2020 and has taken down 773 social media accounts used to commit fraud.

In addition to the City of London Police, the UK’s National Cyber Security Centre (NCSC) also tracked a massive uptick in threats and crime related to the pandemic, alarmingly in some cases directed specifically at health organisations.

The NCSC told the BBC that it was tackling about 30 “significant attacks” a month against the country’s pandemic response infrastructure, including attempts to breach organisations such as the NHS, vaccine producers and vaccine supply chains. NCSC operations director Paul Chichester disclosed that there had been a number of successful ransomware incidents against businesses – “roughly around 10”.