daviles - stock.adobe.com
With days to go until the coronation of King Charles III, cyber fraudsters are seeking to capitalise on a surge in public interest, according to researchers at Kaspersky, who have uncovered multiple fake websites posing as official outlets selling commemorative items such as coins, mugs, plates and other coronation memorabilia.
Kaspersky said scammers and fraudsters are already tricking people into interacting with fake websites designed to harvest their personal information and steal their money.
Many of these websites are also insecure, meaning any data entered into them – such as credit or debit card information, addresses and usernames – can be easily harvested and sold on underground dark web forums.
“As the King’s coronation approaches, we have found clear evidence that scammers are ramping up their efforts to make the most of this once-in-a-lifetime celebration to deceive people and make a quick profit,” said David Emm, principal security researcher at Kaspersky.
“Any information – personal and financial – that is shared with fake or unsecured sites could be harvested and used by criminals to steal money from bank accounts, and potentially even sold on through the dark web, where it can be used by other criminals,” he added.
“We urge people to remain extremely cautious when shopping online for royal memorabilia, and take simple steps to avoid falling victim to these scams.
“By taking a few extra minutes when shopping online, you can ensure that your experience of the event is a positive one and that you don’t lose out,” said Emm.
There are a number of steps members of the public can take to avoid being tricked out of their money, most of which can be summed up in two words – remain vigilant.
Of course, where possible, consumers should stick to reputable retail brands that they know, and official merchandise sites – but even those can be impersonated in some circumstances, so when shopping, check things such as fonts, grammar and spelling. Basic mistakes will often be a clear sign of a scam. Look also for a padlock symbol in your browser’s address bar – if one is not present, avoid like the plague.
In a similar vein, cyber fraudsters will often impersonate logos or use letters and numbers that look alike in URLs to trick people, for example by substituting the number 0 for the letter O, and the number 1 for the letter L. In this basic example, the word Royal could be rendered as R0ya1.
It’s also important to be aware of phishing emails that may be seeking to capitalise on the coronation. If sent an email with a link to a shop, a simple way to avoid getting caught is to copy and paste it into a web browser to help you identify if it is fake.
If in any doubt about the legitimacy of an email, contact the alleged sender directly but do not use any numbers or addresses in the email – search for the organisation online and contact it directly using the details on its website.
Additionally, the NCSC operates a phishing email reporting service, which can be reached by forwarding any suspicious emails to [email protected].
To report a suspected crime or if you have fallen victim to fraud or cyber crime, contact Action Fraud via its website or by calling 0300 123 2040 if you live in England, Northern Ireland or Wales, or Police Scotland on 101 if you live in Scotland.
Exploiting current events is a widespread tactic across the spectrum of cyber criminality – Russia’s war on Ukraine and the Covid-19 pandemic being two of the high-profile “lures” used in recent years – and just last week, there was a spike in activity relating to the UK’s test of its Emergency Alert system.
Nor is this the first time the British royal family has been dragged into the fray. Last autumn, following the death of Queen Elizabeth II, the NCSC took the step of warning the public about fraud and phishing attacks linked to the Queen’s state funeral and the period of official mourning that preceded it.
Some of the scams seen following the Queen’s death included websites selling tickets to attend the Lying-in-State at Westminster Hall, which was free to attend, and non-existent deals on train and coach tickets.
Read more about cyber fraud
- Multinational Operation Cookie Monster takes down Genesis Market, a crucial source of compromised data used by criminals for fraud and other cyber attacks.
- UK authorities have charged three men in connection with the operation of a website that sold social engineering tools to cyber fraudsters.
- The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police.