"Never waste a good crisis", the saying goes and criminals are especially adept at this.
While many of us are concerned about what will happen next in this Covid-19 pandemic, scammers are busy profiteering. In the UK, for example, they had already lined their pockets with £1.6 million (Dh7.27m) of other people's money by the start of this month, according to Action Fraud. In the US, meanwhile, people lost $7m (Dh25.71m) to scammers in the first nine days of April, says the Federal Trade Commission, with projections putting the figure at $100m by July if losses continue at the current rate. Of course these figures do not reflect reality, because not everyone reports being scammed.
There has never been a more ripe environment for fraudsters to swoop in for pickings. Millions are panicked, they're looking for answers, and they don't know what's real. Politicians are urging caution, such as Canada's finance minister, Bill Morneao, who recently tweeted: “#ScamAlert: The Government is NOT sending text messages regarding the new Canada Emergency Response Benefit."
And then there's this type of scam: "Someone who came in contact with you tested positive or has shown symptoms for COVID-19 & recommends you self-isolate/get tested."
Messages like these can be found across the globe and contain a website link that claims to provide information. And you guessed it, the link is not legit. These types of scams get you to part with personal information that can lead to you losing money, or the links download malware that then infects your computer or phone and can steal data or spy on your activity.
It's one thing to read about this here, but entirely another to get the message yourself. Think about it – what would you do? Would your knee-jerk reaction be to click on the link?
Security researcher Digital Shadows says more than 1,400 domains linked to Covid-19 have been registered in the UK in the past three months. Many may be legitimate, but chances are some will be used to trick anxious people into thinking they’re genuine.
Scam artists are repurposing every trick in the book to suit these troubling times and benefit from mass terror.
They are asking for bank information to supposedly deposit aid, adding "processing fees" for fantasy benefits, and feeding off fear with emails that appear to be from the likes of the World Health Organisation proclaiming advice on how to stay safe and asking you to click on a link to a PDF for more information.
These are emails that come with a nasty payload of malware sending you to phishing sites. In some countries there are reports of criminals knocking on front doors offering to go shopping for people who are self-isolating at home. Others are related to online shopping scams involving sought-after items like face masks and hand sanitisers.
Fake lockdown fines is another one. The scam message claims to be from the government, telling the recipient their movements have been monitored through their phone and they must pay a fine or face a more severe penalty because they stepped outside during lockdown.
The UAE has already issued warnings to be cautious of links, social media posts and texts. Expatriates in the country often have slightly more complex financial structures in place – with bank accounts in more than one country and dependent family members who reside in different continents. This can make them more vulnerable to scams – more information to keep track of and bank accounts in different jurisdictions means more chance of being compromised.
So what can you do about it?
The main thing is to be ultra vigilant, but here's what you can look out for:
• Unsolicited emails and texts: be careful of anything you weren’t expecting that claims to be from a bank, or large, trusted organisations.
• An urgent tone: fraudsters prey on emotion and distress. They excel at creating phishing and smishing messages designed to scare you into clicking on their links.
• Grammar and spelling: if the phishing email claiming to come from the WHO or your bank is clumsily written and has errors such as no spaces after commas, don't click on any links.
• No name: legitimate emails from service providers you have accounts with will always address you by name.
• Fake domains: scammers often set up website addresses that look legitimate in order to trick you.
While we all like to think we process emails or text messages well and would not be caught out, it's very easy to click on a link without thinking, or as a reflex reaction to an emotional trigger.
All I can say is: stay safe, stay sane and stay switched on.