Are we paying enough attention to fraudsters and cyber-criminals in the post COVID-19 world?

The COVID-19 pandemic prompted key social changes that have influenced new trends in criminal behaviour, with fraud and cybercrime increasing at far greater rates than predicted. 

Submit your details to access the full content


As an expert in fraud and cybercrime Peter Taylor has over 20 years' experience working both within the UK Police Force and independently as a private investigator. In this article he shares some insight into his recent research amongst criminal groups he has access to from his research and connections.

In 2020 everything changed because of the COVID-19 Pandemic. What initially seemed to be happening to other people elsewhere, impacted globally and severely in the UK - with the UK government imposing an unprecedented lockdown on the public to prevent the NHS being overwhelmed. There was no pretence that the economy would not adversely suffer or a definitive duration for the lockdown.

The words 'uncharted territory' and 'unprecedented' became universal across government and business. There were various actions taken to support individuals and businesses. Whether we believe they were unnecessary, welcome, or not enough they meant that huge sums of taxpayers' money are being paid out through loans, grants, and furlough or to underwrite borrowing via the British Business Bank.

Whilst lockdown initially made life difficult for criminals, the climate of fear, financial uncertainty, urgency, and despair that was widespread throughout the UK's population eventually played into the hands of fraudsters and cyber criminals.

"Now that we are begging to emerge from this initial period we need to take back control with some robust analysis and action and reflect on how those with criminal intent have exploited the situation."

The government's rush to get money to people who needed it meant that many counter fraud measures, and levels of due diligence, were understandably relaxed. This may have been a good thing as a temporary measure to ease the pain people were experiencing in the economy, but it has undoubtedly enabled more crime to take place. Now that we are begging to emerge from this initial period we need to take back control with some robust analysis and action and reflect on how those with criminal intent have exploited the situation.

We in the counter-fraud community predicted the key areas to alert government, business, and individuals about. These included fraudulent applications for the Bounce Back Loan Scheme (BBLS), COVID Business Interruption Loans (CBILS), Local Authority Grants, Furlough payments (while staff actually kept on working). We also correctly warned of increased Phishing activity to capitalise on people working remotely to compromise their devices and steal data.

Additionally with financial uncertainty and people in the general population becoming more financially vulnerable or desperate there was also the concern that people of good character would be much more willing to become involved in fraud - or at least ask less questions when asked to take payments into their bank accounts. Sadly it would appear that all of these have come to fruition.

To understand this a better an understanding of the criminal mind would seem to be of some use. To do this we need to actually go behind 'enemy lines' so to speak and see what's happening - and what is the perspective from the fraudster/cybercrime community.

As a specialist in threats from fraud and organised cybercrime I have looked into fraud within COVID-19 related areas, initially by looking at what was happening in countries in the vanguard of the pandemic, such as Italy, to understand what had happened there from a financial crime perspective.

Accounts from Italy began to emerge back in March 2020 of crime gangs approaching businesses that were struggling because of COVID-19 and making them an offer to buy their business. When a price was agreed the criminals were then able to use an established business to launder money and exploit it as a conduit to process receipts form other criminal activities. We have seen similar activities like this in the UK where not only are acquired businesses used to launder money, but are also being encouraged by criminal elements to apply for fraudulent grants, BBLS, CBILS, etc.

"Unsurprisingly the UK and USA cyber criminals are all describing government COVID-19 loans/grants as 'free money' ..."

To qualify for the COVID-19 loans/grants businesses in the UK must have been established before 1st March 2020. We now see Limited Companies with little or no trading history being advertised for sale on sites like eBay for thousands of pounds. The adverts often feature the date the company was registered (with dates like 2018 being favoured). In amongst the advertisements are the ominous words "never applied for a BBLS". Whilst the seller may not be committing any fraud directly these companies have become very attractive to the fraudsters.

While writing this article I spoke with a UK Police contact who informed me that they are aware of this issue, and one of the checks they now run is whether a company has a new Director, appointed within the last few months, and particularly where that person is making all the applications for COVID related loans etc.

The true impact of BBLS/CBILS fraud will not be seen until 2021 (or even later) when the loans become due and payments are needed. I think it's safe to say that we can certainly expect to see a wave of defaults, businesses that have closed, and Directors that can no longer be found.

Recently I have also spent some time researching the 'Dark Web' and criminal activity there, to see what's changed during this pandemic. Unsurprisingly the UK and USA cyber criminals are all describing government COVID-19 loans/grants as 'free money' - and planning to get their hands on as much of it as possible.

Not only are these organisations attempting to put in falsified applications for this support, but also target those businesses who haven't claimed grants and loans, and then claiming fraudulently on their behalf. They are also ramping up their use of false identities to make unemployment claims. In fact the USA Secret Service has recently alerted about organised scams claiming millions in unemployment benefits across various States - and even named a specific cybercrime gang, called Scattered Canary, as being one known such 'gang' behind it.

My sources also inform me that these gangs are currently making so much money that they don't currently have sufficient infrastructure to launder or 'cash out' their gains. There is therefore hope yet that some of these losses can be recuperated by law enforcement before it's too late. I know from my own previous research that 'cashing out' is one of the biggest obstacles that gangs face when they have generated illegal income. So recently acquired 'legitimate' businesses and intricate use of various forms of cryptocurrencies are all areas being considered by these types of organisation as a route to transfer their gains and get them into the legitimate financial world.

With remote working having become the norm 'Business Email Compromise' has also reportedly grown considerably. There has been a blaze of media coverage that COVID-19 headlines are being used in scam emails to target victims to open emails and download malware or provide information. Finding victims for this type of scam is a numbers game with high volumes of emails being sent out. When researching the issue with my contacts I was told that rather than it being new players getting into this market, existing groups have revisited this 'business channel' because by using COVID within the emails or texts they are now getting four times as many people responding.

Finally when it comes to identity fraud many fraudsters have been well aware of various tech companies developing solutions to address ID fraud and have been busy pre-preparing and using synthetic identities for use in fraud over the past 3 years. However, because of opportunities with grants, loans, and unemployment benefit many have kept to using genuine identities over the last few months - and amended information attached to that identity to meet eligibility criteria. Failing that just the ability to apply pressure to vulnerable people during a crisis (whether they be in struggling businesses or just vulnerable circumstances) is providing lots of opportunity for them during this health emergency.

My view however is that as the COVID specific fraud opportunities subside rather than sit back and enjoy their spoils these criminals will seek to maintain their level of activity and these pre-prepared synthetic identities will be a vital part of that as they seek to circumvent the various tech solutions being considered to address identity fraud.

As a final comment I asked Brett Johnson a reformed cyber criminal how he would describe COVID-19's impact on fraud. He said  "Usually you have desperate criminals trying to steal good people's money. Now the good people are desperate too, so they are easier to exploit and harder to spot."

Banks or any other financial institution's interested in having a deeper conversation on our research and development in this area should get in touch with our Product Development team and by emailing or call 0333 234 3414

Links for sources

  1. Mafia and COVID-19

  2. Nigerian Fraudsters Scamming the Benefit System in the COVID-19 Pandemic

Downloading the full edition of Connect

If you would like to read the full edition of Connect, click here to download it >

In this issue:

  • Is APP Fraud and Payee Authentication likely to be the most pressing fraud issue in 2021?

  • How to build an effective CBIL/BBLS loan recovery strategy

  • How are financial criminals using COVID-19 to adapt their operations?

  • Discover the latest National SIRA fraud trends for 2020

  • Find out how Allianz is using SIRA RTQ to create an award winning policy screening solution

  • Yoti discuss the future of digital onboarding customers

  • VRS' update on helping to identify and protect the financially vulnerable

Time to connect