Cyber Exposure increased during Covid-19 lockdown

Covid-19 brings its own unique challenges to our businesses and amplifies existing Cyber threats. We are all rightly so distracted by the major global pandemic. Our businesses have had to react quickly and put into place new practices such as working remotely from home.

With huge increases in the number of people working from home our businesses are even more vulnerable to attempted fraud and the criminals are taking full advantage.

Last week alone Schofield Insurance Brokers have had 4 reports from clients regarding some form of cyber scam. One client had their email address duplicated and the fraudster emailed their customers requesting urgent settlement of an invoice. The email contained new bank details. The fraudster got away with £9,000. 

❓How Is This Likely to Have Happened❓

Scammers hack a companies email account (usually someone in the finance team) and it then sits undetected, monitoring the companies incoming and outgoing emails.  The fraudsters learn the writing style of the person that they plan to impersonate and pick up on things like recent holidays and general chit chat regarding the person’s life in general (they can use this to then validate their emails, such as “did you have a nice holiday to…..), then at the opportune time they will strike. This usually revolves around invoicing, perhaps a Friday or the end of the month. They will then monitor the emails with invoices attached and also review prior months sent invoices (to attempt to chase outstanding debt) and then a few days later will send a new email from a newly set up email account (that is almost exactly like the email address they are impersonating) chasing the payment and attaching a new invoice with amended bank details. Hoping the customer will make payment without any thought.

Cyber Fraud does not just impact on our business clients. The fraudsters target us as individuals as well so Schofield Insurance Brokers would recommend that we are all alert and aware of the dangers.

Most scams being seen to target individuals are phishing emails designed to trick people into clicking on a bogus link. However, other tactics are used too such as smishing and spear phishing

⁉️What is Phishing⁉️

Usually an illegitimate email is sent with the intention to get you to click on a link. This link will then download a virus on to your computer or send you to a website designed to capture your personal data or passwords.

These phishing attacks are becoming more sophisticated and it can be almost impossible to differentiate them from the real thing. It could be an email from your bank or someone you online shop with, a switch in your invoicing account details, a government rebate. They look and feel like the real thing.

The latest phishing scams all seem to involve Covid-19 in some form or another. The City of London police reported a 400% increase a result of Covid-19 related scams and the UK is proving to be the most targeted county. 
Some examples include online shopping scams involving high demand items, such as hand sanitiser and face-masks, fake lockdown fines, HMRC goodwill payments and even an email claiming to be from the World Health Organisation suggesting you download a PDF document with advice on how to stay safe during the outbreak.

⁉️What is Smishing⁉️

SMS equivalent to phishing. The malicious message appears on your phone as a text message often with a disguised phone number to make it look like it has come from a reputable source. It will invite you to click a link. Common smishing messages will look to have come from your bank, itunes or perhaps an online competition.

⁉️What is Spear Phishing ⁉️

Spear Phishing is a more direct form of phishing, this is where the email will target a specific person. Often the sender is shown as a specific person the receiver knows, for example a work colleague, a more senior employee or someone from the company IT or accounts department. The email may also contain other information about the receiver that has been obtained from the internet such as recent holidays or other key events. This is used to make the email seem more genuine.

There are some common signs to watch out for:

  • Authority – If you get an email claiming to be from your bank you should immediately be extra vigilant. Make checks on the authenticity. Contact your bank on your USUAL contact numbers not the one in the email. 
  • Urgency – Be wary of responding to anything that claims you must take action within a time period. Remember to carry out your checks, contact your Bank! If it’s from a utility provider or HMRC - is it expected? If not check!
  • Emotion – If the email makes you feel strongly about something: panic, anger, joy then there is a chance that it is trying to get you to respond before you have the chance to really scrutinise the logic behind the claims. The recent text message scam suggesting you’ve been fined for going outside is, when you’ve had the chance to calm down, clearly ludicrous. But it can make you angry and not think clearly. We are all under a huge amount of stress.

We have got used to using two-step authentication nowadays. This is where we sign in to a website and then a code is sent to your phone to authenticate it is definitely you trying to login.

So, do the same in reverse. When you receive an email or text from a company, call the company and check it’s a genuine request.

What to do if you’ve already clicked

  • If you’re on a work computer then let your IT department know immediately so that they can then fix it, do not try hide the fact you have done it, the quicker they know about it then the quicker they can stop anything further happening.
  • If you’ve given out your bank or other professional account details contact your Bank and let them know, request they put a freeze on your account before the scammer gets the chance to take advantage.
  • If you have had money removed from your bank illegally, this is a crime, so make sure you have alerted your bank but also report it via Action Fraud either online or over the phone on 0300 123 2040
  • Run your antivirus on your computer to see if it can find any malware or viruses
  • If you’ve given away passwords then you must change them immediately. Consider using a secure password generator in the future. If you use the same passwords for various websites change them all. 

Don’t be an easy target!

We’re making criminals lives much easier by regularly giving away our most personal information. This can then be used against us by demonstrating authenticity. In the worst case scenarios we give away enough information for fraudsters to access our accounts without further involvement.

  • Review your privacy settings on social media. Do you have to share everything publicly?
  • Do not take part in the posts inviting you to reveal your date of birth middle names etc. First letter of your middle name, month you were born or favourite colours, films etc. As fun as this might be, you are often providing characters of your passwords or pass phrases without even realising!
  • Check to make sure friend requests are genuine. Some fake profiles are designed to make you ‘Add friend’ when the real person is not even on social media
  • Flag suspicious emails by marking them as spam
  • Keep up-to-date. Make sure your computer is regularly updated and you have up to date antivirus software completing full scans periodically.

Cyber Insurance is now an essential protector for most businesses against many types of loss you may incur. As well as the above scenarios mentioned the increased risk of data leakage from employees home working must be recognised, managed and insured if required. A cyber insurance policy will help you in this area.

Please also see the "Little Book of Cyber Scams 2.0” produced by the Metropolitan Police - link here. This document provides some additional useful information and considerations and in a very interesting read!

If you would like any help with cyber risk and insurance, please contact your usual Schofield Insurance Brokers contact, alternatively please call the general office number on 01132500377. 


Covid-19 – An update on Government Grants, Furloughed Workers, the Self-Employed and Insolvency changes

As we all continue to live our life in ways we never anticipated, we wanted to offer our support during this challenging time.

As you are no doubt aware, we are seeing changes daily in how the Government are working hard to support us all. This is both on personal safety and also financial advice as well as support to help businesses through this unprecedented time.   

We are committed to keeping you up to date on any new developments that may affect you and therefore below have provided you some guidance which you may feel is beneficial.

Government Grants

All local authorities have said they will get in contact with those eligible for the grants, however some local authorities have set-up an online application process in order to speed the process up. We understand that we have clients all over the country however we have put a link to those local authorities close to where we are based and will hopefully be useful for the majority of our clients. If your local authority isn’t listed below then please either wait until they contact you or search for your own local authority online.

York City Council- https://www.york.gov.uk/COVIDBusinessGrant

Leeds City Council- https://forms.leeds.gov.uk/SmallBusinessGrants/

Bradford City Council - https://www.bradford.gov.uk/business/help-for-businesses/coronavirus-covid-19-support-for-business/

In order to apply you will need:

  • a business rates reference number of your company
  • a name on a non-domestic rates account for your business
  • bank account details for your business
  • a company registration number (if a limited company otherwise leave this box blank)

It is our understanding that most local authorities have started processing the grant applications. However, funding has not been made available to them from the government yet, so there may be a delay between the application being accepted and the grant being transferred.

Please click here to be directed to the official guidance document regarding these grants.

Coronavirus Job Retention Scheme/Furloughed workers

We understand that directors of limited companies will be able to furlough themselves, as long as they only undertake necessary statutory duties. They will not be able to carry out any actual work whilst furloughed. We are still waiting for this to be confirmed by either the government or HMRC and therefore it is subject to change. The minimum period that someone can be furloughed is 3 continuous weeks.

We have also had it confirmed that employees that have been furloughed will still be accruing annual leave as they would be if they were actually at work.

The law has been changed so that employees can carry up to four weeks annual leave over to their next holiday year. This has been designed to ensure that once the pandemic is over it prevents businesses facing a shortfall in employees due to them all taking their annual leave allowance before they lose it. This will also give employers more scope to be able to deny employees annual leave requests on those grounds.

HMRC have announced the initial information that they will require in order for employers to claim reimbursement through the portal for the Coronavirus Job Retention Scheme, please see these listed below:

  • Your PAYE reference number
  • The number of employees being furloughed
  • The claim period (start and end date)
  • Amount claimed (per the minimum length of furloughing)
  • Your bank details (account number and sort code)
  • Your name
  • Your telephone number

It is likely that they will request additional information before the portal goes live. HMRC will retain the right to retrospectively audit all aspects of claims.

Self employed

We would like to highlight a few points on this as we are aware that it may affect many of our clients.  The HMRC are going to contact those that are eligible to claim. Therefore, as it stands, if you think you are eligible to claim then there isn’t anything that you can or need to do at this stage, just wait until HMRC contact you. The following points were announced last week:

  • Self-employed people will be able to apply for a grant worth 80% of their average monthly profits over the last three years, up to £2,500 a month.
  • At least half their income needs to have come from self-employment as registered on the 2018-19 tax return filed in January - anyone who missed the filing deadline has four weeks from yesterday to get it done and still qualify.
  • The scheme is open to those who earn under £50,000 a year (total income, not just self-employment income)
  • Unlike the employee scheme, the self-employed can continue to work as they receive support.
  • The money, backdated to March, will arrive directly into people's banks accounts directly from HMRC, but not until June. This is subject to change and Rishi Sunak said that it may be earlier if they could get everything set up before then, but as ever there is also a chance that if could be later if they suffer any problems or issues. 
  • The grants will be taxable, and will need to be declared on 2020/21 tax returns that have to be filed to HMRC by the end of January 2022.
  • HMRC would be getting in touch with those that are eligible and therefore you don’t need to do anything until that time.
  • Company owners who pay themselves a dividend are not covered.
  • The scheme does not cover those who became self-employed very recently. It is understood to be those that registered as self-employed within the last year, who did not have not complete a 2018-2019 tax return, however this will be something that will be clarified once the full information has been published.
  • Please click here to see the information as stated on the governments website.

Insolvency rule change to protect UK businesses
On Saturday Alok Sharma, the UK business secretary, announced new insolvency measures to prevent businesses unable to meet debts due to the impact of coronavirus from being forced to file for bankruptcy. He said the wrongful trading law would be suspended to protect directors during the pandemic. The move will allow directors of companies to pay staff and suppliers even if there are fears the company could become insolvent. Changes include a temporary moratorium for businesses undergoing a restructuring process, during which time they cannot be put into administration by creditors and will continue to be able to access all raw materials.

Alok Sharma said legislation, which would retrospectively apply from the beginning of March, would be introduced at the “earliest opportunity”. However, he cautioned that “all of the other checks and balances that help to ensure directors fulfil their duties properly will remain in force”.  Wrongful trading was introduced into UK insolvency law in 1986 and makes it an offence for a company director to continue to trade if they know the business is unable to avoid going into liquidation.

Latest government information and advice

The government is constantly publishing more information and advice. Please click here and follow the relevant sections that you require to see the latest information and advice.

Please do not hesitate to contact us, initially via email as this is the best way to reach us.   All contact details remain the same.