Skip to main content

What’s the scam? Five ways scammers used email to target victims

(Image credit: Image source: Shutterstock/kpatyhka)

There’s no doubt that the news about easing lockdown were well received by residents all across the country; particularly since the prolonged isolation has already had a humongous impact on people’s lives and, more importantly, wellbeing. According to the Office for National Statistics (ONS), more than 25 million people in the UK reported being affected by deep levels of anxiety in March 2020 only, while the number of people over 16 who admitted high levels of stress had more than doubled since the end of year 2019. It’s also worth noting that younger people, aged 18 to 24, have been three times more likely to experience loneliness as a result of the lockdown, with a remarkable 44 per cent feeling low (Source: Mental Health Foundation).

Worry, stress, isolation, loneliness, and uncertainty about what the future holds, they all formulate the right setting for fraudsters to prey on unsuspecting victims. And they did. The size and impact of scams in the past few months is shocking. Action Fraud reported that more than £3.5 million has been stolen from the UK public in scams related to Covid-19, since lockdown began and by mid-May. And only within April 2020, the National Cyber Security Centre removed more than 2,000 online campaigns pertaining to the current pandemic.

Of all the channels and tools fraudsters use, email has once again been exploited the most. The reasons are obvious:

  • It is direct, reaching the intended target’s inbox
  • It is cheap, fast to deploy, and easy to use
  • It is anonymous and impersonal, as needed to bear no great risk to the scammer
  • While being impersonal, it’s also “familiar”; most of us spend a lot of time reading and writing emails every single day
  • It is widely spread and trusted by people of very diverse demographics; e.g. different age groups or professions

Since the lockdown began, people have been spending significantly more time online, using email for both personal and professional purposes. As physical spaces have been closed and many people have been working from home, email has become an (even more) indispensable and compulsory part of our daily routine.

Email scam - what else is new?

While email has been a common platform for scams for a while, the context of the scams has recently been altered and modified, to a) reflect the current crisis, b) imitate the way large and reputable organisations responded to it, and c) manipulate people’s emotional and mental state. It is distressing to see how effectively fraudsters have grasped people’s needs and exploited the capital human crave for safeness and assurance. And that could probably be the key reason for their “success”, together with isolation that made many of us more vulnerable and susceptible to fraud. Not having friends and family around for chats means that less information is being shared with those who care and can help put things under perspective.

Scam emails in the Covid-19 era often integrate practices that were used by businesses and public sector organisations to communicate changes to their policies or customer service. Apart from the usual “safety information” emails we’ve seen so many times, fraudsters have also been using new context such as:

Fake charity emails. The lockdown has triggered our sense of community, and many of us have been more than willing to show our support to others who may be more vulnerable; either health charities, or food banks, or NGOs supporting our admirable key workers. Scammers realised that very early, and scam emails asking for donations were sent to deceit trusting samaritans.

VAT tax relief, TV license returns or council tax rebates. With several organisations adjusting their policies to accommodate the needs of small business owners and struggling customers, fraudsters have discovered new ground for defrauding innocent victims. Emails promising tax returns or other immediate financial benefits have been used extensively to get access to victims’ bank details and other personal information. The problem with some of these emails was that, generally, they were very well designed, making it hard to recognise the scam. Scammers used spoofing (headers that would make emails seem to be sent from a legitimate organisation), corporate jargon, as well as urgency links to “claim your council tax reduction now”. 

Health protection emails. The current pandemic fuelled people's need to keep informed and updated, both through News Media and via Social Networking platforms. According to data extracted from Competitive Tracker, "Covid" or "Coronavirus" themed subject lines fronting emails have seen a remarkable global increase in communications run by Social Networking companies, rising from 2,080 in February to a rocking 12,577 in March 2020. While companies like Twitter have been displaying an admirable level of responsibility and leadership though, scammers were sending malware emails with “critical information” about the virus prompting people to “click here to check how many people are infected in your neighbourhood.”

Investors’ emails. Who doesn’t love a bargain? Emails inviting people to take advantage of the current economic downturn have been sent with “exciting investment opportunities” that were, of course, fake.

eCommerce scams. Online shopping has lately become a necessity - and often was the only available option for some of us. The promotion of goods that are in high demand, such as hand sanitisers and masks, has been used for just another scam. Fraudsters have taken advantage of people’s panic as well as the replenishment issues that some retailers have experienced, for their benefit. And in many cases, it worked.

It’s not over yet.

We should hope that, as lockdown measures are relaxing, the effectiveness of these email scams will drop. Still, during May 2020, more than 160,000 phishing emails were reported to the National Cyber Security Centre; and it’s almost certain that scammers will always find new and even more imaginative ways to con their victims. This is not over, and companies should keep their workforce updated about new threats, particularly since many of them work from home, could be self-isolating, and are being exposed to more risks.

Sam Holding, Head of International, SparkPost