New research indicates that businesses in the UK applying to the government for support during the coronavirus pandemic are facing an increased risk from schemes using email fraud tactics.
The investigation conducted by cybersecurity experts has uncovered that around 80% of banks accredited by the government for the Coronavirus Business Interruption Loan Scheme (CBILS) could potentially be placing loan applicants under threat of attacks employing email fraud when they are applying for assistance.
Essential levels of fraud protection
Out of 64 banks accredited by the UK government, only 13 have DMARC (Domain-based Message Authentication, Reporting and Conformance) measures in place. This crucial level of protection is designed to reduce risks of email fraud for clients and customers by preventing threat actors from spoofing organisation identities in attempts to defraud their intended victims.
Hackers routinely employ spoofing tactics to impersonate reputable institutions, government departments and established enterprises, including financial organisations and banks. This is typically achieved by cybercriminals sending out emails from what appears to be a legitimate address with which recipients are familiar. The spoof communications can be so well executed that they are near impossible to differentiate from an authentic email for an ordinary user without professional training in cybercrime tactics.
The statistics uncovered by the security report indicate that 80% of the banks accredited by the scheme are not currently taking a proactive stance in blocking fraudulent communications from reaching victims. Furthermore, 61% of the 64 government authorised banks do not possess any published record for DMARC whatsoever, which renders them extremely vulnerable to attacks using an impersonation ploy.
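The three postures the report distinguishes (no published record, a record that does not block, and a record that does) can be read directly from the TXT record a domain publishes at `_dmarc.<domain>`. The following is an added example, not code from the report: it assumes that `p=reject` applied to all mail is the blocking posture, and every domain and record in it is a constructed sample rather than real bank data.

```python
# Added example: classify DMARC TXT records by enforcement level (RFC 7489).
# Every domain and record below is a constructed sample, not real bank data.

def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if txt is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The v tag must come first and be exactly DMARC1 (other TXT data is ignored).
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to a posture label."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    # Zero records, or several (ambiguous, so receivers apply none of them).
    if len(parsed) != 1:
        return "no_record"
    policy = parsed[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid_policy"
    if policy == "none":
        return "monitor_only"      # reports are collected, nothing is blocked
    pct = parsed[0].get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial"           # policy applies to only a share of mail
    return policy                  # "quarantine" or "reject"

SAMPLES = {  # constructed records for hypothetical domains
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank-b.example"],
    "bank-c.example": [],
    "bank-d.example": ["v=DMARC1; p=quarantine; pct=25"],
    "bank-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def summarise(samples):
    """Count how many domains fall into each posture."""
    counts = {}
    for records in samples.values():
        label = classify(records)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:16} {classify(records)}")
```

Only a domain labelled `reject` instructs receiving mail servers to refuse messages that fail DMARC checks; `monitor_only` and `no_record` leave spoofed mail deliverable.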
The ideal environment for cybercrime
The COVID-19 outbreak is providing threat actors with an abundance of opportunities to employ their criminal strategies. From companies struggling to implement security measures for remote workforces to the chaos many governmental and financial bodies have been plunged into as they rush to aid enterprises economically, the current climate is ripe for attacks. The volume of cybercriminal schemes related to COVID-19 has been increasing rapidly in the last few months, with hackers exploiting the situation to infiltrate enterprises and con victims out of finances and company data.
To combat the higher risks, institutions and organisations should remain vigilant and question any communication that requests that financial information or personal details be submitted. All company personnel should be warned of potential threats and advised to disregard and report any instructions received via email. Financial organisations like banks will never ask recipients for confidential and personal information through this channel, making it easy to spot such an attack.
Additionally, those operating businesses should never click on and open links inserted in emails, even if the sender appears to be official. Before clicking any suspect links, it is a wise move to first corroborate their legitimacy by requesting verification from a trusted and official source. As well as this, recipients should be watchful of errors in grammar and spelling, as these are tell-tale signs of a spoof email.