More than 6,000 cases of Covid-related fraud and cyber-crime have been recorded by the UK’s police forces during the pandemic.
The Action Fraud team said £34.5m had been stolen since 1 March 2020.
It covers activity in England, Wales and Northern Ireland, but not Scotland.
In a related development, the National Cyber Security Centre has told the BBC it is tackling about 30 “significant attacks” a month against the country’s pandemic response infrastructure.
These involves attempts to breach the NHS, vaccine producers and vaccine supply chains, among other organisations.
“There unfortunately have been a number of successful ransomware incidents against businesses – I can think of roughly around 10,” NCSC operations director Paul Chichester said.
Twin peaks
Other figures disclosed by City of London Police, which co-ordinates efforts to combat fraud, include:
more than 150 related arrests were made since the pandemic began
more than 2,000 websites, phone numbers and email addresses linked to the crimes were taken down
there was a total of 416,000 reports of fraud and cyber-crime
The activity peaked between April and May 2020, and January 2021 – both times when lockdowns were in force.
But this may be the tip of the iceberg.
The National Crime Agency estimates that just one in five fraud cases are typically reported to the police.
And the volunteer-run Cyber Helpline told the BBC only a quarter of those who had contacted it after a cyber-attack said they had also reported the incident to the police.
Bank loan scam
Many of the scams involved conning people out of their money and financial details by focusing on internet shopping.
Related fraud was 42% higher over the pandemic than the preceding year, as criminals took advantage of the fact many physical stores had been forced to close.
Anna – not her real name – from Cheltenham was one of thousands of people who received an SMS message asking her to go online and rearrange a parcel delivery.
She filled in her details, but later suspected something was wrong. She alerted her bank and cancelled her bank card.
“I thought, now I have nothing to worry about, everything is fine and case closed,” she told the BBC.
But the criminals used the details they had already obtained to authorise her bank to credit her account with a £9,000 loan.
And a short while later they called her, pretending to be the bank.
Not realising the scam, Anna told them she had not taken out a loan.
“They gave me the sort code and bank account number I needed to pay back the loan, and said if I paid the £9,000 there wouldn’t be any charges.
“But then I was still feeling suspicious, so I Googled the sort code, and it came up with a completely different bank.”
So, Anna called her bank directly and realised the scammers had returned.
“I didn’t lose any money but it did feel like a real burglary to be honest,” she said.
She closed her account, and changed her email address and mobile number. But she still does not feel safe.
Email attack
Charities are also common targets.
One in three charities suffered a cyber-attack during the first 10 months of the pandemic, according to Ecclesiastical Insurance.
One victim actually specialises in offering cyber-security advice to others.
Hackers got inside Charity Digital’s network for seven days without being detected. They compromised its email accounts and sent false invoices to clients.
The organisation’s chief executive, Jonathan Chevallie, told the BBC the breach had not been noticed in part because all his staff had been working from home.
Charity Digital spent more than £10,000 investigating the attack and has produced an online webinar to help others avoid a similar fate.
Fake tech support
Another popular type of cyber-fraud involved romance scams, in which people looking for relationships via the net often get fooled into sending money to prospective partners, who prey on their emotions.
This type of crime was 20% more common over the past year than the one before.
City of London Police also said key workers had also been specifically targeted.
In one case, a man was arrested on suspicion of using social media to advertise bogus car insurance policies to NHS workers.
The pandemic appears, however, to have coincided with a fall in one type of cyber-crime.
Reported cases of computer software service fraud – in which criminals call offering fake tech support to fool victims into sharing their payment card details and other credentials – dropped by 15.5%.