The World Wide Web (www) celebrated its big 3-0 last year, and in those 30 years it has transformed the way we communicate, socialise and do business. Small businesses have undoubtedly benefited from the digital big bang, but firms that go online also open themselves up to relentless and ever-changing cybercrime. During the COVID-19 pandemic, there has been a rise in scam emails, texts and calls, as criminals look to exploit the public health crisis. With more people working from home, and employees using new software and devices outside of the oce, many businesses are facing fresh cyber-security challenges. Among the scams that have been used to try to defraud businesses over the past few months are: HMRC tax refund and goodwill payment scam Emails tell people the government has taken urgent steps to list coronavirus as a notifiable disease in law and that they are due a tax refund. This is not true: it is a scam to get you to submit details to the criminal who sent the email or to click on a link. A similar scam touting a goodwill payment has been reported by the Metropolitan Police. With more people working from home, and employees using new software and devices outside of the oce, many businesses are facing fresh cybersecurity challenges World Health Organization (WHO) Stay Safe scam This scam is commonly seen via email and tells the recipient they can read a free guide from the WHO containing advice on staying safe during the pandemic. The email is not from the WHO; the link is a ploy by criminals to obtain users details. UK government Lockdown fines scam There have been reports of bogus text messages, seemingly from the UK government, saying you have been fined for being out of your home during the lockdown and trying to solicit payment. Do not reply or click on any links. Scams relating to free school meals and the sale of in-demand products such as hand sanitiser and face masks have also been reported. Passwords are key Make sure you have secure passwords. Use three random words that only mean something to you and that will be easy to remember. For example, your first child was born in hospital and the room had blue walls; on that day it was raining and you spilt your coee on the floor your password might be BlueRainCoee. It would take a super-computer 800,000 years to break that password! How to protect yourself Be wary of messages that: n Are unsolicited and claim to be from a credible organisation, such as a bank or credit card company, or a government department n Dont use your proper name, but instead have a vague greeting, such as Dear customer or Dear Sir/Madam n Request personal information such as your username, password or bank details n Are poorly written or contain spelling mistakes (not all of them do though) Do not open or forward emails that you suspect might be a scam, and never visit a website from a link in an email and then enter your personal details. What else can you do? Report the crime via the Action Fraud website or by calling 0300 123 2040. You can also follow Action Fraud on Twitter for up-to-date information on COVID-19 fraud. Check the credibility of communications from the government, and look at examples of HMRC-related phishing or bogus emails or text messages. FSB members can also access its Cyber Security support, which includes a helpline staed by experts. For more information, contact karen.woolley@fsb.org.uk Credit: Karen Woolley, development manager, Federation of Small Businesses Image: iStock / illustration n The National Trading Standards Scams Team has launched a new Businesses Against Scams initiative see the News pages for more details. Four common frauds and how to defend against them Phishing scams, or smishing in the case of SMS-based scams, are used by cyber criminals to access valuable information such as usernames, passwords or account details. Senders will typically ask you to click a link to a website that has been designed to harvest credentials, or to open an attachment which is usually malicious software (malware) that then infects devices. The four most common scams your business may encounter are: Government grant/tax-refund schemes Invoice/mandate scams CEO scams Tech support scams Government grant/tax-refund schemes What is it? Businesses are contacted by government imposters suggesting they qualify for a special COVID-19 government grant or tax refund. What to do: Be cautious about any unexpected communications oering financial assistance. Use ocial government websites to verify the information. If you see a link included in your communication, it is almost certainly a scam aimed at harvesting your personal information. HM Revenue and Customs will never include a link to access your tax account in any communication it sends to you. Instead, it will ask you to log on through your Gateway. Invoice/mandate scams What is it? Someone claiming to be from a supplier contacts you to say their bank details have changed and asking you to change payment details. What to do: Never rush payments. Use contact details that you already hold, or that have been obtained independently, to check this information. Dont call the number or reply to an email with your email details, as these may be fraudulent. CEO scams What is it? This scam targets company directors or senior managers. An employee receives a call from someone claiming to be the business owner or a senior sta member and asking for an urgent payment to a new account. What to do: Make sure your sta understand they need to be cautious about unexpected urgent requests for payment. Tell them to check directly with the person the caller is purporting to be and to carry out due diligence. Tech support scams What is it? Cyber criminals impersonate well-known companies and oer to repair devices. By trying to gain access to your computer or login details, they can search the hard drive for valuable information. What to do: Always be suspicious of cold callers. If a pop-up or error message appears with a phone number, dont call the number. Be wary of downloading software from third-party sites, as they might have been modified to bundle support scam malware and other threats. For further information, please contact your local Trading Standards Service