Is that really you? Staying safe from impersonation scams
8 min | 20 September 2021
Covid-19 lockdowns have made us more vulnerable to impersonation scams. Between January and June 2020, almost 15,000 victims collectively lost £58 million. In this article, we explain how to recognise suspicious calls, emails, and texts, to help you stay safe.
Your phone pings.
It's a text from HMRC asking you to follow a link where you can enter your details to receive your government Covid-19 payment.
The catch is that this particular payment doesn't exist. The text is just one of hundreds of Covid-19-related impersonation scams that have popped up since March 2020.
Almost 15,000 victims and counting
Lockdowns may have helped slow the spread of the coronavirus. But their unintended consequences — loneliness and financial hardship — have made us more vulnerable to crime.
The story changes from one scam to another, but the pattern is often the same:
Someone who says they're from your bank, the government, or the police contacts you.
They ask for your bank details or tell you to transfer money immediately. Some common reasons they give for this are:
- There's been fraud on your account and you need to put your money "somewhere safe"
- You've been fined or have overdue taxes and risk prison time if you don't pay
- You're due a refund, entitled to a government grant, or have won a prize
Then the criminals disappear with your money.
Many scammers research you and use what they find to make their story more believable. If they have access to sensitive data, for example, because a business that has your information on file was hacked, they can sound very convincing.
But it's not just banks, the government, and the police that make the perfect cover for an impersonation scam. The Covid-19 pandemic has also created new opportunities.
Widening the net
With many of us working from home, the number of fraudsters posing as IT support is increasing. Scammers may also claim your entertainment streaming services have been hacked or pose as your broadband supplier.
These types of impersonation scams are especially dangerous because the scammers may ask for remote access to your devices to "fix" non-existent network problems. Once they're in, they can take control of your device and steal logins, card numbers, and other sensitive information.
More worryingly, the scammer may not try to get you to part with your money. Instead, their aim may be to harvest information you might have used as passwords or answers to account security questions.
Knowing this information allows them to attempt what is known as SIM jacking, or SIM swapping. They'll call your phone provider and try to trick them into transferring your number to a new device so they can take control of your banking apps.
Sometimes scammers ask people to log in to their online banking website, funds are transferred from one account to another to make it seem like the client received a 'refund', and then are asked to return the 'overpayment for the refund'.
So, you're after a 'no-strings' job?
With unemployment stats fluctuating, criminals have also seized the opportunity to recruit out of work and vulnerable people as money mules.
Typically, victims are recruited through social media ads promising them they can 'make money from home'. Except what you're asked to do — pass money through your bank account on behalf of criminals — is money laundering, and has serious consequences, potentially prison time.
Needless to say, you should never agree to let money from people you don't know pass through your account. If someone approaches you to do this on social media, report and block the account. Banks constantly monitor accounts for suspicious activity, and even small amounts could get you in trouble.
Being a money mule can also have financial consequences. Banks may blocklist you, so you may not be able to open an account, get a credit card or borrow money in future.
How to avoid impersonation scams
Take Five (Opens in new window), a government-backed campaign against fraud, advises treating any unsolicited call, email, or text as suspicious, even if they know some details about you.
"Your bank or the police," they say, "will never ask you to transfer money to a safe account or contact you out of the blue to ask for your PIN or full password." Similarly, you shouldn't give out personal information to anyone unless you were expecting them to be in touch.
Even then, it's worth taking some precautions:
- If anything at all makes you feel suspicious, hang up (or don't reply). Instead, get in touch with the organisation using a contact number or email address from their website
- Verify callers before you engage, and don't let them rush you. If they're genuine, they'll be more than happy for you to take your time
- Never give a cold caller remote access to your devices
- Pay attention to any service outages. If your phone can't call or send texts for more than 20 minutes, get in touch with your network provider
- Use two-factor authentication on your accounts and biometric secure authentication on your devices. Factory reset old devices before throwing them out
- If you think you've fallen for an impersonation scam, call your bank immediately. They'll tell you what to do to limit the damage
Have a family member or friend you think would benefit from reading this? Pass it on.
We also recommend reading these
- Too good to be true: How to recognise and avoid online scams
- To trust or not to trust? Romance scams, investment scams, and other online confidence tricks
- Get smart about card fraud
- fstech.co.uk Article dated 16 September 2020 "Impersonation scams nearly double during COVID, costing £58m"
- ukfinance.org.uk Press release "Impersonation scams almost double in first half of 2020 as criminals exploit Covid-19 to target victims"