Protect your business from Coronavirus fraud

15th April 2020

Our colleagues at Triodos Bank have compiled the following to help people understand the latest trends and what steps can be taken to prevent fraud, secure account details and protect personal data.


Security Tips from Triodos Bank

As communities and businesses across the country adapt as best they can to the impact of the Covid-19 pandemic while following Government guidelines, fraudsters are finding ways to profit.

To help protect our customers from fraud we’ve been working with specialist agencies such as Cifas, ActionFraud and UK Finance to understand the latest trends and what steps you can take to prevent fraud.

Fraud scams and prevention tips

Government Grant scam

Fraudsters are sending texts and emails to businesses supposedly from HMRC or the Government offering grants. There’s often a link to a fake website designed to capture sensitive information that can be used to commit fraud. If you get an email from HMRC, check the ‘From address’ is genuine. You can also check HMRC’s list of contacts, which lists every email and text they send to businesses, and how to recognise a genuine HMRC email, text and voice message.

Fake supplier websites

Many businesses are struggling to source the supplies they need and are using new suppliers to meet demand. There are plenty of fake websites claiming to have what you need in stock, take your payment and seem to vanish. Always do your research on suppliers before you buy – check Companies House, research reviews and ask people you trust in your industry. Ensure the website you buy from is the genuine web address of the company and not a copycat.

Delayed delivery scam

Fraudsters pose as a supplier and tell you your delivery is going to be postponed or cancelled due to Coronavirus – then attach new shipment instructions. Don’t open attachments from unexpected emails, as they may contain malware. Before clicking a link or opening an attachment, check the sender address and call the company on their published number to verify the email is real.

Invoice fraud

Fraudsters impersonate suppliers and use Covid-19 as a reason to change the account details you should pay into. Sometimes they hack the supplier’s emails so the email address is genuine, but the payment details are owned by the fraudster. They may even warm you up with an email days before to let you know the payment details will be changing. Always call a supplier on their published number to check any new payment details before paying. Remind your staff to be extra vigilant about reporting suspicious activity and following processes.

CEO fraud

Remind your employees to be suspicious of emails from senior executives or the CEO asking to make urgent payments. Fraudsters often spoof CEO email addresses to pressure employees to transfer money. Urgent requests may seem less suspicious in the current circumstances, which is what fraudsters are counting on. Homeworking hinders checking these requests in person, but you should call to check the request is legitimate. Always follow your process – especially in times of crisis.

Health information scams

Be suspicious of unexpected emails from the NHS, Centers for Disease Control and Prevention (CDC) and the World Health Organisation claiming to offer help and advice. Don’t open attachments or click links from unsolicited emails - these may contain malware or attempt to gain confidential information about your business and accounts.

Rent deferral scam

If you rent your premises, you may receive an email claiming to be your landlord offering a rent deferral for three months in exchange for a deposit into a different account. Call your landlord on the number you have saved for them or on their published number to check this email is genuine.

Theft from empty premises

Empty business premises with sensitive details left on site unsecured are at risk. When guarding against theft, we often think about computers, equipment and tools that can be resold, but don’t forget to protect your data too. Fraudsters can use data like employee details, bank details, customer details, and cheque books to impersonate the business and commit fraud. Ensure everything on your premises and any data is securely stored whilst the premises are vacant.

Protect your business from cyber attacks

Many of these scams involve cyber attacks – such as installing malware onto your device, or hacking your emails or the emails of your supplier in order to commit fraud. Having up-to-date anti-fraud software reduces the risk of cyber attack, malware, ransomware, data breaches and ultimately losing the business money.

It’s also good practice to:

  • Enable the highest security settings in your email provider
  • Enable spam filtering
  • Use strong passwords
  • Enable 2 factor authentication
  • Log out of your emails when not using them
  • Never leave your device unattended

What are the key takeaways?

  • Be suspicious of unexpected emails, calls and texts, and do not open attachments or click links in these
  • If in doubt, call the organisation on their published number
  • Check sender address in emails
  • Check web address in browser
  • If you’re still unsure, you can call us.

We’re here for you

We completely appreciate that this is a challenging time and we want you to know we’re here to support you and your business. If you have any concerns or questions, contact your relationship manager, or visit our Coronavirus support page.

Report suspected fraud

If you suspect fraud, call us immediately on 0330 355 0355. We're here 8am-6pm weekdays and 10am-4pm weekends for fraud queries. If abroad, call +44 (0)1179 739339.

How to report suspected fraud

Be fraud aware

Explore our fraud awareness pages for more information about how to spot suspicious activity, how fraudsters can access and use your data, and how to keep your business safe.

Fraud awareness