Coronavirus: online scammers' tricks to watch out for
How to outsmart the scammers
From video calls and social media to online shopping and banking, the coronavirus pandemic has made the online world even more vital to everyday life. But that also means we have to be more vigilant online, as scammers looking to steal our personal information and our money adapt their techniques to the current COVID-19 crisis. In fact, the UK is the most targeted nation for COVID-19 related email spam, with 20.8% of all coronavirus related spam being sent to UK email addresses. We've talked to experts on scams and cybersecurity, so read on to find out more about the tell-tale signs to look out for and how to keep yourself safe.
The scam: phishing
Phishing is one of the oldest online scams in the book, where a fraudster impersonates a legitimate company, or more recently organisations such as the WHO or a country's government (see pictured), via email. The message might ask the recipient to correct a mistake in their login details, or to open an attachment or link for advice on the pandemic or the latest statistics on the COVID-19 outbreak. However, they will instead be directed to a bogus page that allows attackers to steal their personal information. Security company Sophos estimated that at the end of March this year, 3% of all global spam was related to coronavirus.
How to spot it
According to Robert Pritchard, founder of consultancy firm The Cyber Security Expert, these scams can be difficult to spot. “Some are super obvious because they’re really poorly spelt and don’t make any sense. Yet others are perfect. There’s no consistent thing to look for.” But there is one thing they all have in common: a sense of urgency. “These emails always use hooks, wanting you to make a decision quickly or get you worried about something,” Robert adds. The pictured "all staff" email with advice on the pandemic looks like it could be from a genuine address – ending careyn.nl – but the poor use of grammar and spelling (highlighted in red) reveals that it's in fact bogus. The link "SURVEY/SEMINAR" will take you to a page that asks you to enter personal information, details the scammers plan to steal.
What to do about it
So you’ve received an email that you think may be a scam – what now? Deborah Vickers of financial website MoneyGuru says: “Don’t provide any sensitive data to anybody.” If you’re not sure if an email or a phone call is legitimate, verify it. And it's not just through emails that they can catch you with dodgy links: UK resident Doug Varey was tricked out of $5,200 (£4k) after he clicked on a pop-up advert for computer security protection. It offered 12 years' worth of protection at $723 (£556), after which the so-called security firm called him up saying someone was trying to take his data, advising him to pay the $5,200 (£4k) to end the issue. The fraud case was investigated by the British and Indian Police along with Microsoft, who managed to shut down the criminal operation in Kolkata following a four-year investigation.
The scam: pharming
It sounds a little like phishing, and that’s because it is. But pharming is a little more sophisticated, meaning it can be harder to spot. Essentially, it’s where a legitimate website, often an online banking or e-commerce site, is manipulated to direct you to a fake site. The bogus site either installs malware on your computer or harvests (‘pharms’) your personal data. And it is important to be more vigilant than ever: more than 3,600 new domain names containing the word "coronavirus" have been created since the outbreak according to FraudWatch International, many of which are used for phishing and pharming.
How to spot it
Unfortunately, with pharming there aren’t many clear-cut signs. Check the URL of the site you want to visit, to make sure it’s spelt correctly, and ensure it’s prefixed by ‘https’ – the ‘s’ stands for ‘secure’. Pictured is a scam text sent in by one of our loveMONEY readers supposedly from the Royal Bank of Scotland, but if you look carefully the 's' is missing from 'https' in the link.
What to do about it
If the email has come from an unknown sender, don’t click on any links. A good example is the pictured email which is supposedly from UK supermarket Tesco. However, the sender's email reads rtfritz@ptd.net and it is addressed to a generic 'Customer'. Robert Pritchard says: “If you’re unsure if an email is legitimate, and it’s nothing at all to do with you, then just delete it. Go with your web browser the way you log in normally, which you trust, so you know you’re not being lured to a fake site.”
The scam: Trojans in apps
In the same way that not all websites are what they say they are, sometimes fraudsters create fake versions of legitimate apps to take your money and data. They do this through ‘trojans’, malicious software hidden in apps, which infect your phone and stay active in its memory, performing background tasks like opening fraudulent webpages without your knowledge.
How to spot it
According to Robert, your susceptibility to trojans probably depends on what type of phone you have. “If you’re using an iPhone, you’ll probably be safe, but on the Android store there’s a bit more malicious software.” Certain apps might be more likely to hide trojans too: “Be cautious about downloading free games, especially if you’ve seen something online saying 'Play this game!' The apps which activate your torch on an Android phone can have malicious software too”.
What to do about it
There are two key things you need to do. Firstly, Robert says, “only download the apps you really need”. So free games, photo-editing software or horoscope apps might be worth binning unless they really seem legit. Secondly, Robert stresses the importance of downloading from a reputable provider. Checking the number of downloads or ratings an app has had can be one way of doing this.
The scam: bank transfer scams
Bank transfer scams are on the rise, with the amount of money stolen from UK bank accounts by criminals having increased by 40% in the past year, according to banking body UK Finance. In the US, some people are seeing their money disappear due to a scam involving the popular digital payment service Zelle, which is embedded in many bank accounts. Zelle allows customers to send money instantly to others using an email address or phone number and helped users transfer $119 billion (£94bn) in 2018. In fact, many don't even realise that they use Zelle as it is pre-built into several banking apps, including Chase Bank and Bank of America. But it has become a target for scammers, who make spoof calls to access users' bank accounts, and their money.
How to spot it
Bank transfer scams are getting more sophisticated, says Brian Higgins, security specialist at Comparitech.com. “It’s very easy these days because there’s so much intellectual property available online. Scammers can just take logos, letterheads, letter footers off the internet and create a letter or email that looks legitimate. The places you need to look aren’t in the content, it’s everywhere else – it’s in the email header, it’s in the email addresses that people use,” says Brian. Often, scammers will monitor your emails before creating an email address that’s almost exactly the same as one you’ve corresponded with in the past – perhaps they’ll change an “o” to a zero, for example. The changes will often be very subtle.
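The header checks described here, together with the mismatched sender address in the supermarket email mentioned earlier, can be automated; the following is an added example, not code from the article or from anyone quoted in it. The trusted-sender list, the domains and the sample messages are all constructed for illustration, and the look-alike character set is a small assumption rather than a complete one.

```python
from email import message_from_string
from email.utils import parseaddr

# Look-alike character swaps (a small constructed set, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})
# Constructed trusted senders: domain -> the name that sender uses.
KNOWN = {"northbank.example": "North Bank", "grocer.example": "Grocer"}
# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "lookalike": 'From: "North Bank" <alerts@n0rthbank.example>\n\nDetails changed.',
    "borrowed_name": 'From: "Grocer Rewards" <promo@mail-host.example>\n'
                     "Reply-To: claims@payout.example\n\nDear Customer",
    "genuine": 'From: "North Bank" <alerts@northbank.example>\n\nStatement ready.',
}

def skeleton(domain):
    """Collapse look-alike characters so a spoofed and a real domain compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Return (display name, domain) from an address header; empty if absent."""
    name, addr = parseaddr(header_value or "")
    return name, addr.rpartition("@")[2].lower()

def check_headers(raw_message, known=KNOWN):
    """List reasons the sender looks wrong; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    name, from_dom = domain_of(msg["From"])
    findings = []
    if from_dom not in known:
        for real, brand in known.items():
            if skeleton(from_dom) == skeleton(real) or edit_distance(from_dom, real) == 1:
                findings.append(f"lookalike of {real}")
            elif brand.lower() in name.lower():
                findings.append(f"name claims {brand} but domain is {from_dom}")
    _, reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"replies go to {reply_dom}")
    return findings

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_headers(raw))
```

An empty result only means none of these three checks fired; a message from an address you have never dealt with still deserves the phone call to the bank described below.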
What to do about it
Let’s say you get an email, which you think is from your bank, saying that your account details have changed. What should you do about it? “If there is any change of details, especially if you’re dealing with large sums of money, phone up your bank and ask them”, says Brian. “Just because the internet is there, doesn’t mean you have to use it for everything. Alternatively, go into a branch of your bank”. Likewise, if your bank calls you, don't provide any personal information, but contact them the way you normally do, even if that means hanging up and ringing your bank again.
The scam: social media scams
Facebook has more than two billion global users and Instagram has more than a billion. With so many of us using social media every day, especially during the coronavirus pandemic, it’s become an easy target for scammers. One common Facebook scam looks like this: a friend sends you a message with a link in it, saying, "Is this you?" If you click the link, it’ll direct you to a fake Facebook login page, which is actually run by fraudsters wanting to steal your data. There are also plenty of bogus Instagram accounts promising money in return for following or clicking on a link to a malicious site.
How to spot it
Deborah Vickers says: “If you’re thinking it’s too good to be true, it probably is. In terms of Facebook or Instagram impersonation scams, the hijacker is pretending to be that person.” In a particularly sinister scam in June 2019, scammers set up fraudulent accounts claiming to send aid to Sudan, such as “Sudan Meal Project” (pictured). They then would try to build up a following in order to cash in on advertising and sponsorship.
What to do about it
“With emails you can check the email address, but with social media, scams can even come from people you are friends with,” says Deborah. If you receive a suspicious message from a friend, let them know that you think their account may have been hacked, and delete the message. If it’s too late and you’ve already clicked on the link, report the scammers to the social media site and change your login details.
The scam: online dating websites
Fraudsters have no qualms about playing with your heart to get hold of your money, and sadly rather than falling in love many people have fallen for scams when using dating websites. In fact, Americans and Canadians lost approximately $1 billion (£789m) to romance scams between 2015 and 2017 according to a study by BBB. In the US in 2016, over 15,000 cases were reported to the FBI's Internet Crime Complaints Center (IC3) – 2,500 more than 2015 – for losses that totalled over $230 million (£181.6m).
How to spot it
It can be hard to spot a dating scammer online, especially as fraudsters often research you and spend time working out the right things to say. However, there are a few things to be aware of. Unlike real daters, scammers typically won't want to meet up and will want to hide behind the fake persona they have created. The FBI states that fake profiles often say that they are in the construction industry and working on projects outside of the country to explain why they can't meet in person – and this also gives them a good story as to why they need your financial help. Some scammers will engage in phone calls to create a stronger connection and make the relationship seem real, while others may ask for inappropriate photos to blackmail you later down the line.
What to do about it
If you have suspicions about someone you are speaking to, the FBI recommends that you search their name and reverse image search their profile picture on the Internet to check if the results seem legitimate (pictured). To prove that someone is genuine, you are looking for more than a Facebook profile that a scammer could have easily set up: you want an established presence that would be hard to fake. Also, ask lots of questions when you talk to them. You should never send money to someone you don't know personally, but if you already have and suspect it's a scam, contact the authorities, such as the FBI's IC3 or the UK's ActionFraud reporting centre.
The scam: fake ticket selling websites
In 2017, UK organisation Action Fraud set up a fake ticket selling website to show how easily people fall for such scams. The fake website, called Surfed Arts, duped 1,571 fans who thought the site was real and clicked on it. When they did, they were taken to the Surfed Arts website which advised them they couldn’t buy tickets and gave tips on how to avoid fraud in the future. Meanwhile in the US, fake ticket selling scams are rife too: a poll of 1,000 adults by ticketing vendor Aventus found that 12% of respondents had purchased a concert ticket online that turned out to be a scam.
How to spot it
With many third-party sites like StubHub and the UK's Viagogo selling on tickets to real events like an Ed Sheeran (pictured) gig it can be difficult to sort the real from the fake. But as with any scam, if it seems too good to be true, it probably is. These websites will often advertise tickets to events that are sold out everywhere else, and they’ll often be at marked-down prices – so those are two big clues to look out for. Also, check there are full contact details available on the website, which should mean an email address and a customer service phone number.
What to do about it
Fortunately, these types of scams are pretty easy to avoid. “Just make sure that if you can find a provider that you know is valid, go to their website”, says Robert Pritchard. If you think you’ve bought a ticket through a fraudulent website, report it to the police. While you may not be able to get your money back, it might prevent others from falling into the same trap. That way, you can enjoy your gig to the full.
The scam: ransomware attacks
Ransomware is every bit as scary as it sounds. Essentially, in a ransomware attack, hackers will use malicious software to get into your device. Then they’ll encrypt your data, turning it into code, which will block your access to your computer. In order for you to get back in, hackers will ask you to pay a ransom, often in the form of cryptocurrency. A link will show up telling you to pay a certain amount in bitcoin, and showing you where to get that bitcoin.
How to spot it
Like many other types of cybercrime, ransomware attacks are becoming more targeted and harder to spot. “Back in the day criminals just used to fire off an email to as many people as possible,” says Brian Higgins. “It’s a lot more sophisticated now, because there’s so much information about people online, on sites like LinkedIn and Facebook. If a cybercriminal gang decided that a particular business had a lot of money, rather than sending out 100,000 speculative emails, they would pick a person in that organisation and look them up online before launching a ransomware attack.”
What to do about it
Prevention is key in the case of these types of attacks. “The main piece of advice is to make sure your data is backed up, away from your main network, so if you are subject to a ransomware attack and your main network stops working, you can go back to your back-up,” says Brian. You can back up your device either through an external drive, using an internet service which you may have to pay a monthly fee for, or just use cloud storage such as Dropbox, Google Drive or Microsoft OneDrive.
The scam: Cryptojacking
Crypto-what? It’s a bit of a mouthful, but cryptojacking is basically when cybercriminals download software onto your device to secretly mine cryptocurrency. How? By either sending you an email that contains a link which downloads the software when you click on it, or by hiding the code in an advert or on a web page that again activates it when you click on something. It’s a cybercrime that's on the increase, with cybersecurity company McAfee Labs reporting in August that there was a 29% rise during the first quarter of 2019.
How to spot it
“It’s difficult to spot”, says Brian. “Years ago, if your computer had a virus, it was pretty obvious because it was very slow and clunky. But these days, because of the sophistication of computers as well, you wouldn’t necessarily even know that your computer was being used to mine cryptocurrency”. That being said, you should keep an eye out for your computer running slowly or overheating, as these could be signs of a cryptojacking attack.
What to do about it
As is the case for ransomware scams, prevention is key. “Make sure that you scan your networks regularly”, says Brian. “There’s free software available online that you can download. I scan my computer once a month, just to make sure”. It’s also worth improving your web browser’s security by using a good quality VPN (Virtual Private Network), which adds another layer of security to public and private networks, increasing your privacy by replacing your IP address with one from the VPN provider. Some VPNs are even designed especially to prevent ransomware scams and cryptojacking.
The scam: UK government coronavirus scams
Scammers have seized the opportunity to take advantage of people during the coronavirus pandemic, with a number of scams doing the rounds. One email scam, pictured, claims to be the UK government and tells people they can claim a tax refund to protect themselves during the pandemic. Another is a text scam which tricks people into thinking they have broken lockdown rules and asks for a "goodwill payment". Both of these scams lead to fake websites controlled by scammers.
How to spot it
HMRC will never ask for any personal or financial information over text, so that's one big clue. The email address can also be a clue if it's an email scam, for example the email address on the previous image is clearly not an official government address.
What to do about it
In the event of any kind of text scam, the government advises people not to reply, click on any links or call the telephone number provided. HMRC advises that people send any phishing text messages to 60599 and any emails to phishing@hmrc.gov.uk. You can also report scams to Action Fraud.