Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Advertisement

Self-employed targeted by hackers with HMRC SMS phishing scam

Written by  Jun 09, 2020

Cyber criminals have launched a new phishing scam designed to steal personal and financial details of millions of self-employed workers using the Self-Employment Income Support Scheme during the Covid-19 outbreak.

The scam, uncovered by litigation specialists Griffin Law, begins with a text message sent to self-employed workers offering a tax rebate purporting to be from HMRC.

The news comes following Chancellor Rishi Sunak announcing an extension of the scheme, which has so far seen 2.3 million claims worth £6.8 billion will be able to claim a second and final grant in August.

The text message informs the victim they are eligible for a tax refund and directs them to a site called https://hmrefund.com which then leads to an frighteningly realistic copy of the HMRC government site.

Also see: The importance of cybersecurity for UK businesses

A fake form on the site asks for the user’s email address, postcode and HMRC log-in details. The form calculates a fake refund amount, which in a test by Griffin Law experts totalled £217.17, a noticeable error in the scam was that the £ (pound sign) appears after, rather than before the amount (alarm bells should start ringing). The next page reveals an online form asking key personal information from the victim, including their card number, name on card, account number, security code and expiry date.

Griffin Law estimates that around 100 self-employed workers have reported the scam to their accountants and business networks up to now.

Advertisement


Microsoft Office Home And Business 2019 English Euro zone Media less (Product Key Inside - No Disc)

Cyber expert Chris Ross, SVP, Barracuda Networks comments: “This is the latest in a series of sophisticated HMRC-branded phishing scams designed to target vulnerable workers during the Covid-19 outbreak. We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data.

Tackling this growing threat requires businesses to have the necessary security systems in place to identify suspicious emails and texts, as well as warning employees to remain vigilant against requests for private information from unverified sites and URLs, often sent to their phone. All it takes is one mistake and cyber criminals could get hold of the full details of a company debit card and bank account, causing serious problems for business owners.

If you want to see a more detailed explanation see our article What is Phishing?

Ransomware Protection

This particular scheme is designed to trick unsuspecting self-employed workers into claiming a tax refund, at a time when many people are struggling to make ends meet. The scam uses official government branding, logos and layouts, including a disclaimer about the site using cookies to fool users into thinking this is a legitimate way to reclaim money.

Unscrupulous and heartless individuals do not care about the hardship you may face, particularly at a time when you need to watch your spending more than ever.

If there is any doubt about the legitimacy of links no matter how genuine they may look always check the real website first for more information about what you are being offered and contact them if necessary. It’s also critical that companies ensure they have the necessary cyber security systems in place to protect against malicious communications to prevent cyber attacks. To find out more what ransomware is see this article...


Do you find this article useful? Comment below...

Paul Anderson

Our Cyber world tech journalist, Paul specialises in Cyber Security having worked in the field for over 5 years and has previous Tech admin roles to his credit. Applying Cyber tech to office use and sharing Cyber related articles are what Paul offers us. He is very experienced and his contribution is invaluable.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Popular in Security