Fraud risks during the COVID-19 crisis, lockdown and exit from lockdown

Fraud and associated scams are an unfortunate fact of life for businesses, but there are usually robust measures available to defend against them. However, with many employees now working from home, things have changed and the scams have become more sophisticated. How can businesses defend against the new wave of frauds and what vulnerabilities can they anticipate and avoid?

rradar solicitor Fiona Tannock examines the issue. The enormous differences in the way that business is being conducted across all sectors during COVID-19 has given opportunity for a new wave of frauds to be perpetrated against both individuals and companies.

From fake news to phishing emails designed to take advantage of the health situation, the effect is widespread and this is a time more than ever to ensure that you have strong policies in place to ensure you are less susceptible to these frauds. The figures from ActionFraud from March 2020 have been released and show a 400% increase in reports of COVID-19 related fraud.

Examples of frauds that are currently being reported by businesses include:

• Phishing emails to employees designed to look as though they have been selected for ‘virus screening’ as they have been in contact with a high-risk individual.

• Online shopping scams and fake websites advertising PPE or essential supplies to businesses (facemasks, etc).

• Phishing emails designed to appear as though HMRC or Government organisations wish to offer a business tax-relief/ help with accessing Government schemes.

• A rise in employee dishonesty.

• Audio impersonation fraud – recent examples include remote employees being asked to undertake unusual requests by fraudsters impersonating senior members of their organisation over the telephone.

These are just a few examples, but it’s clear that fraudsters are taking advantage of current substantial changes in working practice (such as homeworking) and levels of concern and often panic that some businesses or staff members are experiencing.

What you can do

Here are some basic steps that you can take to avoid being exposed:

• (1) Ensure that your usual IT policy is strong in terms of fraud prevention and covers obvious areas such as anti-virus, authentication and communication of an awareness to all employees of common types of fraud and what steps to take. This last point is especially important in light of employees home working; homeworkers are specifically targeted by fraudsters in the knowledge that people are more likely to agree to transactions with fewer checks in the current climate, and they are also more susceptible to scams without the usual office framework and other people around to alert them to obvious risk. (2) Ensure that you ask for a telephone number to contact any individual or organisation if they are seemingly offering your business help and asking for further details. Do not give confidential business information away in a first contact call, or by email until you have verified identity in this fashion. All the current government schemes and credible businesses offering support will have a clear website, named individuals and/or a contact number. If in doubt, escalate this to the most senior member of your organisation, or sound out a fellow director before acting. (3) Continue to report any fraudulent activity you notice or are a victim of in the usual way. This is important, as many people suspect that systems such as police teams, courts, regulatory bodies etc. have ground to a halt during lockdown and will not be able to process your report. This is not true; it is the case that there may be longer delays than usual in being able to contact organisations initially, and that investigations and prosecutions of frauds (most of which are currently classed as non-critical work) are taking longer at the moment, but this does not mean that they cannot be reported; the systems are still in place and will respond longer-term as always. Court hearings are happening remotely, for example, and crimes are still being recorded, although they may be dealt with administratively later. This point is especially relevant in terms of reporting any loss to insurers at the time you become aware of the fraud, rather than assuming that nothing will happen. Many policies have strict conditions in respect of the date of reporting and you will risk affecting insurance cover if you wait to report circumstances or incidents which need to be notified straight away, or within a particular period. (4) Ensure you adequately monitor remote employees just as you would if they were office-based. No-one likes to think their own employees will commit dishonesty offences while at work, but there are of course a very small number of employees who will take advantage of the current lack of obvious direct supervision to attempt such offences. Research suggests this is especially true of some furloughed employees, who may resent the terms of the furlough and feel entitled. Positive employee engagement and ensuring wellbeing is a focus would hopefully minimise this risk. (5) Have a strong policy in place for return to work after lockdown. This is common sense for many reasons; however, from a fraud perspective, fraudsters are likely to take advantage of the state of uncertainty and flux that will arise when employees gradually return to work. New opportunities for fraud are bound to arise. (6) Check your insurance provisions. Ensure that you have the strongest selection of covers possible through your brokers to respond in case you are a victim of any of the above offences. Your broker should be able to talk you through the elements of individual covers and ensure you have the correct up-to-date coverage for your business. (7) Open the physical post in a timely fashion and ensure a process is in place for this. Many government agencies and banks use the physical post to alert businesses to changes or suspicious activity. There is further very useful information available for businesses online in terms of fraud prevention and reporting at:

• https://www.gov.uk/guidance/covid-19-staying-safe-online (and other sections of the www.gov.uk website with frequent updates at the moment)

• www.cifas.org.uk rradarstation Looking for more advice or guidance on this matter, or any other business-related issue? rradarstation gives you 24/7 access to guidance, videos and on demand webinars answering frequent questions and downloadable templates to use in the day-to-day running of your business, each written and verified by our legal professionals. You will find the answers you are looking for at rradarstation.