HMRC are warning taxpayers of a new scam where fraudsters are conning people out of their details.
The tax authority reported on this last month, stating that the criminals are using text messages and emails to trick members of the public into giving them their bank details. HMRC have therefore emphasised the importance of remembering that they will only ever contact you via the phone or via your employer and pay.
Treasury Minister Mel Stride warned: “All emails, text messages, or voicemail messages saying you have a tax refund are a scam.”
He advised that anyone who receives this type of communication should not click on any of the links. Instead, the messages should be forwarded to HMRC’s specific phishing email address or phone number.
Eyal Benishti, CEO and founder of phishing prevention company Ironscales, stated that these warnings are not surprising. In fact, he emphasised how sophisticated phishers are becoming, especially when it comes to their impersonations.
He explained: “HMRC is one brand that continues to be plagued by scammers trying to abuse its position of trust, to spoof customers into handing over their personal information.”
“Although they have tried to stamp out this nefarious activity by increasing cyber security efforts […] HMRC continue to see the brand spoofed by criminals, resulting in unsuspecting victims being conned out of cash.”
Despite HMRC implementing DMARC, an email authentication, policy, and reporting protocol, Benishti stated that it is “not a silver bullet” in protecting people. Whilst it did help drastically reduce the number of attempts at scamming taxpayers back in 2016 when it was introduced, phishers are still able to get through.
He added: “It is time to think about email security differently.”
“Instead of the focus being completely on preventing messages getting into mailboxes, take a bottom-up approach and focus efforts on the Mailbox.”
“After all, that’s where the threat is either realised or quashed.”
“With mailbox-level email security, organisations can detect phishing attacks that make it through secure email gateways, and subsequently alert users through inline messages to mitigate and remediate the threat as soon as possible.”
So what do you think of this? Have you had any suspect emails or phone calls about tax rebates recently? Let us know in the comments below.