Fascinating cybercrime statistics show an effect on SMEs

We’ve been regularly reporting a rise in cyber-related fraud, phishing scams and similar attacks and the effect it's having on smaller businesses and charities.

Action Fraud, the reporting body for cyber crime, has logged 3,138 reports of COVID-19-related fraud and 14,545 reports of COVID-19-related phishing. Since the pandemic began, COVID-19 related fraud has made up 2% of all fraud reports made to Action Fraud, with an overall increase in reports of 14% compared to the 2019 weekly average, and 40% higher than compared to the ‘pre-lockdown’ week (w/c 16 March 2020).

What kind of fraud is it? Currently, the most common threats that could affect small businesses include;

1. Online shopping

2. Investment fraud

3. HMRC email scams, where recipients are asked to click on a link to check if they’re eligible for a government coronavirus grant.

The senders are spoofing email addresses and names, using '' and ‘HMRevenue & Customs’ to try and dupe busy readers. A second HMRC-related email scam asks for recipients’ personal details to participate in a ‘coronavirus job retention scheme’.

Action Fraud have also reported a number of scam emails offering relief funds related to COVID-19. The most recent has targeted Microsoft email account holders, claiming to be from a senior director at Microsoft. Another recent email scam purported to offer £12.5 million in relief funds for individuals to ‘purchase and distribute relief materials for the control of Covid-19’ in their region.

What can I do about this? With so many cyberattacks taking place, it’s important to remain vigilant, especially if you’re an SME with employees working remotely. If you need support, we offer a variety of membership options – including a free membership – where you can access resources and up-to-date guidance from policing and industry experts. We also post regular updates on our blog relating to recent cybercrime trends, so you can stay one step ahead.

Our Tier 1 membership can include a staff training session, which could have a significant impact on helping your organisations become more cyber resilient. It includes specialists answering your staff questions, as well as training them on what to look out for and what to do about it.

If you think you’ve been a victim of cybercrime, you should report it immediately to Action Fraud by calling 0300 123 2040 or online.

Forward suspicious emails to

You can report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

If you would like to become a member of East Midlands Cyber Resilience Centre you can join here.

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.