Within minutes of the U.K. government's furlough scheme going live, it was targeted by opportunistic hackers impersonating the country's tax collection agency.
Hundreds of phishing emails landed in people's inboxes inviting them to click on a link that takes them to what looks like an HMRC (HM Revenue and Customs) furlough claim website.
The website asks people to fill in their personal, card and bank account details. But instead of going to HMRC, the details go to the hackers.
"This is a scam," an HMRC spokesperson told CNBC via email. "The website associated with the scam is in the process of being taken down. Fraudsters are taking advantage of the package of measures announced by the Government to support people and businesses affected by coronavirus."
The phishing campaign was spotted by cybersecurity firm Mimecast. Researchers at the firm said they detected 840 phishing emails within hours of the furlough scheme going live.
"At Mimecast, our Threat Intel team is constantly monitoring for phishing campaigns such as this one," said Carl Wearn, head of e-crime at Mimecast.
"As the furlough scheme was opening, we knew that cybercriminals would be looking to exploit this so set up a filter to monitor for keywords related to this."
It's unclear how many people fell for the scam or how much money has been stolen by the hackers.
Scammers exploit Covid-19
HMRC, which collects taxes and issues state support, said it has identified 54 coronavirus-related financial scams to date.
"Scammers text, email or phone taxpayers offering spurious financial support or tax refunds, sometimes threatening them with arrest if they don't immediately pay fictitious tax owed," a HMRC spokesperson said.
"These scams often target the elderly and vulnerable."
HMRC said it has asked internet service providers to take down more than 227 web addresses associated with these scam campaigns.
"We have a dedicated Customer Protection Team in our Cyber Security Operations and work is always ongoing to identify and close down scams," a HMRC spokesperson said.