Fraudsters capitalise on fear, uncertainty and doubt during the pandemic

fraudsters in pandemic

David Emm, Principal Security Researcher at Kaspersky discusses how fraudsters capitalise on fear during the pandemic.


With COVID-19 increasingly being used as a hook to commit fraud, threatening consumers and businesses of all sizes, criminals are continuing to use social engineering methods to spread malware and harvest the personal information of vulnerable individuals. With many people currently concerned about their financial situation and the state of the economy, fear, uncertainty and doubt has created an ideal environment for fraudsters to operate in.

As a result of the pandemic, businesses and individuals have been forced to do everything from home, including banking, shopping, socialising and, in most cases, working. However, the risks associated with more people having to use online systems has provided cybercriminals with new opportunities. In fact, since June, over 13,500 reports of COVID-19-related fraud have been reported, with total losses of over £11 million.

We are currently in a situation where, suddenly, many individuals are outside the protective ring offered by a corporate network. At the same time, criminals have been offered a persistent hook to latch onto. When we consider the seasonal holidays that are normally used by cybercriminals, such as Valentine’s Day, Black Friday, the Olympics and the World Cup, they’re ‘here today, gone tomorrow’ topics, whereas COVID-19 is something that can be used, week after week, to greater criminal advantage.

Heightened tech use has heightened cybercrime


When the initial lockdown forced the nation to remain at home, every aspect of life played out online – and for some, this was completely new. Research has suggested that over a third (35%) of people believe they’ve become more comfortable using technology because of the pandemic, but how confident they feel about their online security is a different question. And whilst people are growing increasingly comfortable using technology, the integration of these platforms into our everyday lives has enabled fraudsters and criminals to capitalise on vulnerable and unsuspecting individuals.

Even though the topic of COVID-19 continues to be exploited, the nature of the attack remains fairly consistent. Fraudsters are not changing their methods, as the social engineering aspect is paramount to the success of their scams. Cybercriminals have generated a succession of new scams that play on various aspects of people’s fear, trust and hope surrounding the pandemic. Examples include impersonating health bodies such as the World Health Organisation or the NHS, as well as imitating government offers to help consumers cope with the financial pressures of the pandemic by offering ‘free’ tax credits and sending fake messages from delivery companies. COVID-19 provides the context, but all of these variations rely on tricking people into doing something that jeopardises their security. 

These types of socially engineered phishing attacks aren’t exclusive to people imitating the government or other critical bodies. As the amount of time at home has increased, many consumers have turned to tech to purchase products or services – for example, three-quarters of the UK now food shops online. This has resulted in online shopping fraud being 55% higher than it was in 2019, due to an increased reliance on e-commerce and home deliveries. In addition, many have turned their attention to online streaming services for entertainment. Ofcom has reported that Brits spent 40% of their waking hours watching TV during the height of the lockdown in April, with a further 12 million signing up to streaming services, like Netflix, Amazon Prime and Disney Plus.  But it only takes a spoof email from a seemingly legitimate account asking to confirm our payment or login details for fraudsters to collect all the information they require to hijack an account.

The global cybercrime net


Cybercriminals have experienced significant success throughout the pandemic, unlike that of most organisations up and down the country. For one thing, they feed off the increase in online activity forced on us by the pandemic.  For another, fraudsters have the capabilities of operating from anywhere in the world, applying the same scam and localising it to regional conditions. They can spoof the NHS or UK government, and then change tactics and pretend to be a foreign government, or another healthcare provider.

Whilst the COVID-19 pandemic, and the resulting shift in personal and business use of the Internet, has changed the security landscape in several ways, the risks are manageable for businesses and consumers – with good cybersecurity hygiene being important, now, more than ever. For large organisations, retailers, financial services and governments, it is essential to take a multi-layered approach – not just second-factor authentication – to ensure that all attack routes are continuously analysed and protected. Smaller organisations that don’t have the same resources should invest in small-business-specific technology that doesn’t require an in-house IT expert, but still includes a wealth of stiff security measures to provide comprehensive protection. Businesses both large and small should educate staff on common risks and easily-made mistakes, including using unique, complex passwords, applying two-factor authentication to accounts, using secure Wi-Fi to connect work devices when off office premises, using only software and hardware approved by IT for work and not clicking on links in unsolicited messages. 

For consumers, protecting all devices, including mobiles, is critical. People should also ensure they are running the latest software, apply patches as they become available and back up their data. This will make them less susceptible to – and be able to more easily recover from – attacks. It’s also important to use strong passwords and not blindly click through to website links from emails. In fact, it’s good practice to re-type an email address to avoid going through a malicious gateway.

Developing an online security culture and adopting some of the more basic cybersecurity thinking in our everyday lives, even as we transition into the new normal, will make us, both in a work and personal context, more resilient to how fraudsters are currently operating.


David Emm

David Emm is Principal Security Researcher at Kaspersky, a provider of security and threat management solutions. David joined Kaspersky in 2004. He is a member of the company's Global Research & Analysis Team (GReAT) and has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon's Software, and Systems Engineer and Product Manager at McAfee.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...