With the country locked down for the last year, thieves have had to get creative. People spending more time inside their homes and online has led to a windfall for cyber and phone scammers who have conned consumers out of £34.5 million since 1 March 2020, according to the Action Fraud Team. In turn, recorded theft fell by 21 per cent in the year to September 2020 compared to 2019, with burglaries down by 20 per cent, according to the ONS.
The UK’s cybersecurity agency has taken down more scams this year than the last three years combined. A recurring tactic used by fraudsters is to send NHS- or coronavirus-themed messages to trick the public into handing over financial information. Alongside NHS scams, HM Revenue & Customs (HMRC) has been the most copied brand, appearing in over 4,000 campaigns, closely followed by the government’s gov.uk website and TV Licensing. Texts from fraudsters claiming to be HSBC informing customers of a new payment, and from the 2021 Census team warning of a £1000 fine for households which haven’t filled in their information, have also been used.
Figures released by the City of London police, which coordinates efforts to combat fraud, disclosed that this has resulted in over 150 fraud-related arrests and over 2,000 fraudulent websites, phone numbers and email addresses being taken down, with a total of 416,000 reports of cyber crime made. Criminal activity peaked between April and May 2020 and again from January 2021, when lockdown was in full force, with people in their 20s most likely to fall victim to the scams.
According to a recent report by the National Cyber Security Centre (NCSC), a 15-fold rise in the removal of online campaigns was seen compared with 2019, including 43 fake NHS apps hosted outside of official app stores that have been taken down.
Yet the NCSC says the increase in scams removed was a result of expanding the coverage of the NCSC Takedown Service, not because there was a corresponding 15-fold increase in scams. The NCSC’s Active Cyber Defence (ACD) programme continues to tackle the threat from online scams and the Takedown Service is there to prevent more cyber attacks harming the UK.
In 2020, it expanded coverage to include new scam categories including fake “celebrity-endorsed” investment schemes, fake shops and those using COVID-19 as a theme.
Dr Ian Levy, technical director of the NCSC, says, “The ACD programme is truly a collaborative effort, and it’s thanks to our joint efforts with partners both at home and internationally that we’ve been able to significantly ramp up our efforts to protect the UK. This has never been more important than in the last year, where it was vital for us to do everything we could to protect our most critical services and the wider public during the pandemic.”
He adds: “The bold defensive approach taken by the ACD programme continues to ensure our national resilience and so I urge public bodies, companies and the general public to sign up to the services available to help everyone stay safe online.”
The NCSC is also now aware of a new spyware called Flubot, affecting Android phones and devices across the UK. It is installed when a victim receives a text message asking them to download a tracking app due to a missed delivery, which is in fact spyware that then steals passwords and other sensitive data from the device.
Royal Mail has also issued a warning after scammers targeted millions of customers with phishing emails and texts. One of the texts read: “Your Royal Mail parcel is waiting for delivery. Please confirm the settlement of 2.99 (GBP) via a link”, with fraudulent emails reading “Your package could not be delivered on 07/12/2020” (or other dates) coming from apparently legitimate Royal Mail Ltd email addresses including press.office@royalmail.com.
Another email states the courier was unable to deliver the item, giving a notification number and asks people to confirm the parcel is theirs. In any scenario, Royal Mail has issued a statement advising not to click on these links or input personal details.
“Celebrity-endorsed” investment schemes represent a new breed of scam. Impersonators of billionaire Tesla CEO Elon Musk have stolen at least $2 million from cryptocurrency investors in fake giveaway scams, reports the Federal Trade Commission. It is part of a tactic where con artists pose as celebrities, in this case the self-proclaimed “technoking”, promising to multiply investors’ funds, but pocket the money instead.
Ireland’s health system is also still struggling to recover after a cyber attack forced its entire IT system to shut down. Thousands of diagnostic appointments, cancer treatment clinics and surgeries have been cancelled or delayed since the ransomware attack on Friday. Authorities have said it could be weeks until services return to normal.
With seemingly legitimate domain names and addresses, these scams are convincing. But Which? has some advice for consumers to spot them. Customers are advised to never reveal their four-digit PIN to a caller, even if they claim to be with law enforcement. When it comes to emails, they tell people to check the address the message came from. In cases where this looks legitimate, such as Royal Mail scams, a key indicator it is not to be trusted is how the text starts. If it begins with “hi” with no name or followed by email addresses then this is a tell-tale sign of fraudulent activity.
On Newsbeat, Joe Tidy, cyber reporter for BBC News, advises consumers to “slow down. It may sound obvious, but a lot of these scams are being run really well and look so good”, which encourages the public to rush into purchases from fake websites, especially when they are being endorsed and advertised by influencers from social media platforms including TikTok and Instagram.