Fraudulent Times … · The next step to avoiding scams is to know how to protect yourself. While...
Transcript of Fraudulent Times … · The next step to avoiding scams is to know how to protect yourself. While...
In this issue…
PAGE 2 Fake COVID-19 testing
PAGE 3 Phishing texts circulating
PAGE 4 Beginners guide to scams
PAGE 5 Scam updates
PAGE 6 Coronavirus scams
PAGE 7 Security matters
PAGE 9 NHSCFA guidance
Welcome to the latest
edition of Fraudulent
Times.
This newsletter has been designed to highlight areas of fraud within the NHS and to help you understand why we need to combat it effectively. By raising awareness of fraud cases it will help you to identify what fraud is and where it is most likely to occur.
As always, I hope that you will find our newsletter a useful and interesting read. We value feedback on the content so if you have any comments or suggestions for topics in future editions please email these to us at the address at the bottom of the page.
Craig Bevan-Davies
Assistant Director
Anti-Crime Services
360 Assurance
If you wish to report any concerns regarding fraud, bribery or corruption, please contact a member of our team (details can be found on the back page), ring our reporting line on 0115 883 5321, or contact the NHS Counter Fraud Authority Reporting Line on 0800 028 4060.
ISSUE 49 June 2020
A Newsletter from your Counter Fraud Specialist
[email protected] © 360 Assurance, 2020. All rights reserved.
Fraudsters have been quick to latch on to the coronavirus outbreak, with fake Centres for Disease Control emails and other scams already tricking the UK public out of £800,000, according to the police.
The National Fraud Intelligence Bureau (NFIB) have issued an urgent scam warning after identifying 21 cases of fraud involving coronavirus in February. Ten of the frauds involved desperate buyers of face masks, with one person paying £15,000 for masks that were never delivered.
Other frauds involve emails and texts purporting to be from research organisations affiliated with the Centres for Disease Control and Prevention and the World Health Organisation.
The NFIB said: ‘They claim to be able to provide the recipient with a list of coronavirus infected people in the area. In order to access this information, the victims needs to click on a link, which leads to a malicious website, or is asked to make a payment in Bitcoin.’
It added that it expected to receive many more reports of fraud as the coronavirus spreads globally.
The advice to consumers is not to click on links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for personal or financial details. For a full breakdown of advice in relation to scams see page 4. (The Guardian, 2020).
Fraudulent Times
POLICE ISSUE WARNING AGAINST
CORONAVIRUS FRAUDSTERS IN UK
FraudulentFraudulent TimesTimes @NHSCounterFraud
The NHS Counter Fraud Authority (NHSCFA) recently launched an
expanded NHS Fraud Reference Guide. The guide is a simple but
essential way in which you can help in knowing how to spot NHS
Fraud. It contains information on different types of NHS fraud and
preventative advice, case studies and further resources. The guide contains new sections such as a
detailed look at 13 key areas of fraud, information on how to spot fraud, case examples and preventative
advice. The 13 key areas include procurement and commissioning fraud, pharmaceutical contractor
fraud, NHS staff fraud, EHIC fraud, fraudulent access to NHS care, NHS pension fraud and NHS student
bursary fraud.
You can find the expanded NHS Fraud Reference Guide here.
NHSCFA FRAUD REFERENCE GUIDE
The BBC has aired a second series of “Fraud Squad”, a series following the investigators
tracking down the criminals who steal £1.25 billion every year from the NHS—from organised crime rings
to NHS staff themselves. You can catch up on BBC iPlayer here: https://www.bbc.co.uk/programmes/
b0c2p9wb
Did you know?
A man has appeared in court charged with making fake kits which claimed to treat Covid-19.
Frank Ludlow, 59, was arrested in a Post Office near his home in West Sussex by the City of London
Police’s Intellectual Property Crime Unit after it was contacted by US counterparts.
The kits allegedly contained harmful chemicals which people were being told to use to rinse their mouths
with. Mr Ludlow has been charged with one count of fraud by false representation, one count of
possession of article for use in fraud and one count of unlawfully manufacturing a medicinal product.
He appeared before Brighton Magistrate’s Court and was remanded in custody until 20th April 2020.
Police officers have urged people to
seek advice only from registered
healthcare professionals. Tariq
Sarwar, from the Medicines and
Healthcare Products Regulatory
Agency, also said that people should
only buy medicines they need from
an authorised seller.
He added when buying online to
beware of illegitimate websites and
suspicious URLs. (BBC News, 2020)
CORONAVIRUS: MAN IN COURT OVER FAKE COVID-19 TREATMENT KITS
@NHSCounterFraud
FraudulentFraudulent TimesTimes @NHSCounterFraud
From websites selling fake COVID-19 blood screening tests taken down by several EU Member States’ law
enforcement authorities, to the seizure of substandard facemasks originating from Brazil, and the sale of
chloroquine via instant messaging apps: counterfeiters have been quick to cash in on COVID-19. The
outbreak of the coronavirus crisis has offered an opportunity for fast cash, as criminals exploit shortages
of genuine products and the anxieties of regular citizens. The profits generated by these criminals during
this time of crisis are likely very substantial, as these criminal operate in complete disregard of the health
and well-being of us all.
In a report published on 17th April 2020, Europol provided an up-to-date threat picture of counterfeiters
during the COVID-19 crisis. All information within the report is based on contributions from EU Member
States and Europol’s partner countries. Key findings from the report are detailed below.
The organised crime groups involved in the production and distribution of counterfeit goods have
once again proven highly adaptable in terms of shifting product focus, marketing and packaging to
suit or shape current demand. However, the main countries of production have remained the
same.
While some product offers for counterfeit goods related to the COVID-19 pandemic have appeared
on the dark web, the product offerings available there remain limited compared to the surface web,
which continues to host the primary distribution platforms for counterfeit goods.
Some of the platforms used to advertise and sell counterfeit goods pre-date the COVID-19
pandemic and have been monitored by law enforcement authorities. In addition to these
established platforms, a significant number of new websites were established for the express
purpose of profiting from the pandemic. These websites sell fake COVID-19 home test kits and offer
unconfirmed and often false advice on the treatment of COVID-19.
Some criminal groups may seize opportunities during the COVID-19 crisis to offer counterfeit or
substandard food items more widely due to increased demand following some citizen’s fear of
perceived food shortage.
Particular attention should be paid to developments and criminal innovation if a genuine vaccine
for COVID-19 is developed as this will likely prompt a wave of offers for counterfeit vaccines.
(Europol, 2020)
VIRAL MARKETING: COUNTERFEITS IN THE TIME OF PANDEMIC
Employees within the 360 Assurance client base have reported receiving a phishing text that reads:
’Donate to the NHS Charities Together Covid19 Fund and receive a home testing kit free of charge.’ The
sender is ‘NHSFund’. If you receive this text message please do not click on the link as the text message is
fraudulent. If you suspect fraud, bribery or corruption at work then this should be reported immediately
to your organisation’s Counter Fraud Specialist. For any concerns at home please contact Action Fraud on
0300 123 20 40 or report online at https://reporting.actionfraud.police.uk/login
CORONAVIRUS PHISHING TEXTS CIRCULATING
@NHSCounterFraud
Scams are getting more and more sophisticated, particularly when it comes to targeting you online and
through mobile devices. That’s why we think it is important that you know how you can recognize a scam, how to protect yourself and what you should do if you are a victim or have been targeted.
Scams can come in many forms, but are all designed to get hold of your money. They can do this by
getting you to reveal your personal details, stealing your information, or getting you to willingly hand over
the cash.
The tactics used by scammers and fraudsters can vary from someone coming to your front door to an
unexpected phone call. The internet and advances in digital communications have opened other ways for
scammers to target you and steal information. Chances are, you’ve come across the most common type
of scams—the spam email from a foreign prince or claiming to be from HMRC or your bank. However, while mail scams can be quite easy to spot and avoid, others are much more sophisticated.
Knowing what to be on the lookout for when it comes to scams is one of the best ways to protect
yourself.
Unsolicited or unexpected contact. If you have received any kind of contact, but particularly a phone call, out of the blue, it is best to avoid it. Since January 2019, there has been a ban on cold
calling about pensions. This means that you should not be contacted by any company about your
pension unless you’ve asked them to.
Email address. If you get an email, expand the pane at the top of the message and see exactly who
it has come from. If it is a scam, the email address that the message has come from will often be
filled in with random numbers, or be misspelled.
If it sounds too good to be true, it usually is. This is something you will normally find with pension or investment scams, where the fraudster guarantees you huge returns, but tells you it is low risk.
Personal details, PIN codes and passwords. These are things no legitimate company will ask you for.
Quick decisions. If you are pushed into making a decision on the spot, be suspicious. Scammers
don’t want you to have time to think about it.
Random competitions, particularly if you don’t remember entering them, should ring alarm bells.
You can find a more comprehensive list of the warning signs for specific types of scams here.
The next step to avoiding scams is to know how to protect yourself. While some of these are good advice
in general, many are aimed at keeping you safe online.
Avoid any unexpected contact. Any phone calls, letters, emails or people knocking on your door
should be ignored.
Never give out personal information. This could be used to steal your identity and access accounts.
Keep operating system and virus protection software up-to-date. Don’t ignore updates as these can
often include patches to protect against new kinds of scams, viruses and ransomware. This goes for
mobile devices as well.
Make sure all accounts have a strong password. Don’t use the same password for multiple accounts.
If you think that you have been scammed you should report it immediately to Action Fraud on 0300 123
2040 or use the Action Fraud online reporting tool.
A BEGINNERS GUIDE TO SCAMS
FraudulentFraudulent TimesTimes @NHSCounterFraud
@NHSCounterFraud FraudulentFraudulent TimesTimes @NHSCounterFraud
Warning about false Danske bank messages
Action Fraud are aware of a rumour currently circulating via
WhatsApp, SMS and social media which references the City of London
Police Fraud Team and claims that Danske Bank customers are being
targeted by a particular text message (smishing) scam. The content of
this message is false.
However, smishing scams are common. It’s important that you
remember that your bank would never ask you to move money out of
your account, or contact you out of the blue and ask for details such
as your full banking password or PIN.
Anyone who has divulged information after receiving this type of
message should contact their Bank immediately. (Action Fraud 2020)
Spoof Government Websites and Communications
A number of scams spoofing government websites and communications have recently been revealed.
Between Saturday 11 April and Tuesday 14 April 2020, Action Fraud received 23 reports of phishing
emails that purported to be sent from HMRC. The emails stated that the recipient was eligible to receive
a tax refund of up to £775.80. To complete the refund, recipients were asked to send proof of identity
and proof of address. Documents that were suggested included a person’s passport and a utility bill.
Between Wednesday 8 April and Thursday 16 April 2020, Action Fraud received 131 reports of phishing
emails in the style of official ‘GOV.UK’ emails and using the same logo and branding. These emails told
the recipient that they could get a reduction in their council tax because they were on low income or
receiving benefits. A link was provided for recipients to claim for their reduction which, they are told, will
be transferred directly to their bank account.
HMRC branded emails asking recipients to send copies of their passport, utility bills and bank statements
via a link to an infected site. Other variants of HMRC branded emails target businesses in relation to tax
returns and the Coronavirus Job Retention Scheme, These emails divert to fake websites to obtain
personal details.
UK Government free school meal scam emails, stating the following: ‘As schools will be closing, if you’re
entitled to free school meals, please send your bank details and we’ll make sure you’re supported’. The
UK Government has confirmed this is a scam email.
Commander Karen Baxter, City of London Police, National Lead Force for Fraud said: ‘It is extremely
important that if you receive an email or text out of the blue that you are not expecting, you don’t click
on any links or attachments . Instead, visit the official GOV.UK website by typing it directly into your web
browser so that you can ensure the information you are seeing is genuine. (Action Fraud, 2020)
SCAM UPDATES
@NHSCounterFraud
FraudulentFraudulent TimesTimes @NHSCounterFraud
Healthcare bodies, medical research organisations, pharmaceutical companies,
academia, and local governments have all been targeted. Most of these attacks used
‘password spraying’ to gain access to a large number of accounts. Europol reported that the Czech
Republic highlighted a cyber-attack on Brno University Hospital which forced the hospital to shut down
its entire IT network, postpone urgent surgical interventions and re-route new acute patients to a nearby
hospital.
Did you know?
Unfortunately, there are a small minority of individuals who will seek to exploit the COVID-19 outbreak to
line their own pockets. In fact, your Counter Fraud Specialist has been made aware of a number of scams that specifically relate to the COVID-19 pandemic. We have listed some below for you to be wary of,
however, this list is far from exhaustive.
TV Licensing: We’ve seen as many as four different TV license phishing emails in the last few weeks, some much more convincing than others. These fake emails
include claims that the TV license is about to expire and need to be renewed or
that the payment method has expired .
Virgin Media: Reports have been received of emails purporting to be from Virgin Media, informing recipients that their bill is ready. The emails include information
on how Virgin Media are responding to the COVID-19 outbreak. Other emails
advise the recipient that their account will be frozen because their payment
details could not be validated. Recipients are asked to click on a link to re-validate and amend their billing details. The links provides an opportunity for fraudsters to
steal email passwords and personal details.
EE: We have been made aware of spoofing messages purportedly from the UK’s
largest mobile phone network which try to steal personal information. The emails
use official EE imagery, luring victims with the subject line “View Bill—error” and
report that there has been an issue with the customer’s payment urging them to
update their details with EE. Once victims click the fraudulent link they are taken to a phishing page.
Amazon Prime: There have been reports of customers receiving automated phone
calls purporting to be from Amazon, telling them their Prime membership is set to
be renewed. The automated call tells customers that £79.99 will be debited from
their bank account for the renewal. Amazon Prime generally costs £7.99 a month,
and is billed on a monthly basis. The fraudsters give people the option of
cancelling the subscription over the phone. They are told to “press one” in order
to cancel the transaction. Upon doing this the victim is directed to a fraudster who is posing as an Amazon customer service representative.
HSBC: We have been made aware of emails purporting to be from HSBC which
claim to provide all customers with £500 due to the pandemic. Other banking emails state that the recipients account is compromised and require a new
account to be created for funds to be transferred.
WASH YOUR HANDS OF CORONAVIRUS SCAMS!
Telephone: 0115 883 5317
Mobile: 07920 711 764
Email: [email protected] or
Kelvin is responsible for the oversight of all Security
Management work we undertake.
We currently provide full Security Management
Services to all Nottinghamshire, Derbyshire and
Leicestershire CCGs.
Kelvin Langford
Principal Anti-Crime Specialist
(Security Management)
Security Matters
Secretary of State for Health and Social Care, Matt
Hancock, writes to all NHS staff about the problem of
violence faced by those working for the NHS. The letter
refers to the 2019 NHS Staff Survey which showed that
15% of NHS staff experienced physical violence from
members of the public and patients in the past year.
He highlights how going forward the NHS has joined forces
with the police and the Crown Prosecution Service to
approve a joint agreement on offences against emergency
workers. This will ensure that those who act violently and
with criminal intent towards NHS staff are swiftly brought
to justice.
It is essential that all leaders in the NHS at every level
support their staff, including enabling them to access any
training they need and use the full weight of the law, when
necessary, to protect their workplace. You can read the full
letter to the workforce, as published on 18 February 2020,
here.
VIOLENCE AGAINST NHS STAFF: LETTER TO THE
WORKFORCE
Since the coronavirus pandemic landed in Britain, NHS workers have suffered a number of thefts and
attacks from the public including two doctors who were approached for their ID badge in a failed
mugging; nurses being called ‘disease spreaders’ and being heckled in the street; a troll telling a
Staffordshire paramedic she ‘was the reason the COVID-19
death toll rises’ after she posted a viral selfie; and pharmacists
being intimidated and sworn at by customers.
As a response to the increasing levels of violence hospitals are
warning workers not to wear their uniforms in the street and
to cover their security lanyards/badges amid a spike in abuse
aimed at NHS staff. (Daily Mail, 2020)
FraudulentFraudulent TimesTimes @NHSCounterFraud
NHS STAFF ARE WARNED ABOUT ATTACKS DURING THE CORONAVIRUS PANDEMIC
@NHSCounterFraud FraudulentFraudulent TimesTimes @NHSCounterFraud
A man who claimed to have had COVID-10 has been jailed after coughing on Derbyshire police officers.
The incident happened on Thursday 2nd April in Swarkestone, South Derbyshire after police were called
following reported from members of the public that a man was being abusive and threatening.
When the officers arrived, they found a man carrying a two inch piece of wood and waving it above his
head in a threatening manner. He was arrested and the piece of wood taken off him. Whilst the officers
spoke to the man and asked if he was, or had been suffering from the virus, he replied: ‘I’ve already had
it, I’ve got over it and now I am a super spreader so…’ He then coughed in the direction of three officers.
The subject, Christopher McKendrick, who is 58 years old and lives in Swarkestone, was arrested. He was
later charged with offences: common assault, possession of an offensive weapon in a public place, assault
by beating of an emergency worker, and using threatening, abusive and insulting words or behaviour to
cause harassment, alarm or distress.
Mr McKendrick appeared at Southern Derbyshire Magistrate’s Court on Friday 3rd April where he
pleaded guilty to the offences. He was jailed for a total of 16 weeks and ordered to pay a victim surcharge
of £122.
Inspector Chris Thornhill, who is in charge of policing in South Derbyshire, said: ‘I am pleased that the
courts have taken swift and decisive action in this case, my officers are on the front-line and are putting
themselves at risk to protect others. They spoke to the arrested man to get information that would help
protect them and others and did not deserve the response they got from him. (Derbyshire Police, 2020)
MAN WHO CLAIMED TO HAVE COVID-19 JAILED AFTER COUGHING ON DERBYSHIRE POLICE OFFICERS
A man has been charged with fraud after allegedly spending six free nights at a hotel by claiming to be an
NHS worker.
Ben Quince checked into the Casa Hotel in Lockford Lane, Chesterfield, at the end of March on a floor
reserved for NHS staff. He stayed their for six nights and allegedly told staff he worked in the A&E
department at Chesterfield Royal Hospital.
The hotel is offering complimentary lodgings for health workers during the coronavirus pandemic. Mr
Quince, of no fixed address, has been charged with fraud by false representation. He appeared at
Southern Derbyshire Magistrate’s Court on Monday 6th April and was bailed to appear again at a later
date. (Independent, 2020)
MAN CHARGED WITH FRAUD AFTER PRETENDING TO BE AN NHS WORKER TO GET SIX FREE NIGHTS AT
A HOTEL
The Chartered Institute of Public Finance and Accountancy (CIPFA) have issued
guidance around protecting your supply chain from fraud. The document sets out fraud risks to be wary
of including mandate fraud, fictitious and unqualified suppliers, conflicts of interest and kickbacks. The
document also highlights how you can help protect your organisation from fraud. The key points made
are to always trust your gut, if something looks too good to be true, it probably is! Always make sure you
document all decisions and to not be pressurised, not everything needs to be procured quickly.
Did you know?
@NHSCounterFraud FraudulentFraudulent TimesTimes @NHSCounterFraud
The NHS Counter Fraud Authority (NHSCFA) have produced an array of COVID-19 guidance on their public
facing website. The information covers a number of key fraud risk areas in light of the current COVID-19 pandemic. You can view the NHSCFA’s website here, or alternatively use the links below to direct you to
specific guidance pages.
Protecting the NHS from fraud during COVID-19.
Emergency measures taken during the coronavirus
pandemic may pose an increased risk of fraud to the
NHS. This page provides advice and guidance for the NHS on emerging fraud risks relating to COVID-29, as
well as links to resources by stakeholders which may
able be helpful.
Mandate fraud risks. The guidance on this page is for
those staff working within NHS procurement, finance
and payroll teams, particularly those responsible for
setting up bank account details and processing bank
payments. It is important that managers and staff
remain vigilant as ever when paying suppliers as
analysis indicates that vulnerable periods—such as the COVID-19 pandemic—are more at risk for
mandate fraud to occur within the NHS.
Procurement fraud risks: staying vigilant. This page provides guidance to senior managers and staff of the
most prominent procurement fraud risks during the
COVID-19 pandemic. The NHSCFA’s immediate
concern is the relaxation of procurement rules and practices to allow NHS bodies to procure goods,
services and works with extreme urgency.
NHS recruitment fraud risks. The guidance on this
page is for staff working in NHS recruitment, human
resources and administration. It is important that
managers and staff remain alert to the possibility of false identity documents, false right to work
documents, failure to declare criminal convictions
and false qualifications.
NHSCFA PUBLISH COVID-19 GUIDANCE
Anti-Crime Contacts Craig Bevan-Davies (Assistant Director Anti-Crime)
The strategic head for all counter fraud and anti-crime work. Also responsible for: Sherwood Forest Hospitals NHS Foundation Trust,
Nottingham City Care Partnership.
0115 883 5323 [email protected]
07785445905
Matthew Curtis (Anti-Crime Team Manager) Responsible for: Leicestershire Partnership NHS Trust, Leicester City CCG,
East Leicestershire and Rutland CCG, West Leicestershire CCG.
0116 295 6905 [email protected] 07920138329
Joanna Clarke (Principal Anti-Crime Specialist) Responsible for: Nottingham University Hospitals NHS Trust
0115 883 5321 [email protected] 07816272666
Robert Purseglove (Principal Anti-Crime Specialist) Responsible for: Sheffield Health and Social Care NHS Foundation Trust,
Chesterfield Royal Hospital NHS Foundation Trust, Sheffield CCG, The One Health Group
01709 428 702 [email protected] 07827842964
Ian Morris (Anti-Crime Specialist) Responsible for: Lincolnshire Partnership NHS Foundation Trust, East Midlands Ambulance Service NHS Trust, Derby and Derbyshire CCG
0115 883 5319 [email protected] 07920138606
Claire Croft (Anti-Crime Specialist) Responsible for: Barnsley Hospital MHS Foundation Trust, Sheffield
Teaching Hospitals NHS Foundation Trust, Rotherham CCG
01709 428 710 [email protected] 07920138354
Liz Coleman (Anti-Crime Specialist) Responsible for: Nottinghamshire Healthcare NHS Trust, University
Hospitals of Derby and Burton NHS Foundation Trust, Derbyshire Healthcare NHS Foundation Trust
0115 883 5320 [email protected]
07785692226
Chris Taylor (Anti-Crime Specialist) Responsible for: DHU, Sheffield Children’s NHS Foundation Trust, Bassetlaw
CCG, Barnsley CCG
01709 428 701 [email protected] 07342072907
Amanda Smith (Anti-Crime Specialist) Responsible for: Rotherham, Doncaster and South Humber NHS Foundation
Trust, The Rotherham NHS Foundation Trust, Doncaster CCG
01709 428 701 [email protected] 07920138323
Taelor Martin (Anti-Crime Specialist) Responsible for: Nottingham and Nottinghamshire CCGs. Also provides
support for: Sherwood Forest Hospital NHS Foundation Trust and Nottingham City Care Partnership.
0115 883 5323 [email protected]
07464251746
Shaun Fleming (Bank Anti-Crime Specialist) Responsible for the general support of all anti-crime work.
24 Hour Hotline: 0800 028 40 60 Online Reporting Tool:
https://cfa.nhs.uk/reportfraud
FraudulentFraudulent TimesTimes @NHSCounterFraud