Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Self-employed targeted by hackers with HMRC SMS phishing scam

Written by  Jun 09, 2020

Cyber criminals have launched a new phishing scam designed to steal personal and financial details of millions of self-employed workers using the Self-Employment Income Support Scheme during the Covid-19 outbreak.

The scam, uncovered by litigation specialists Griffin Law, begins with a text message sent to self-employed workers offering a tax rebate purporting to be from HMRC.

The news comes following Chancellor Rishi Sunak announcing an extension of the scheme, which has so far seen 2.3 million claims worth £6.8 billion will be able to claim a second and final grant in August.

The text message informs the victim they are eligible for a tax refund and directs them to a site called https://hmrefund.com which then leads to an frighteningly realistic copy of the HMRC government site.

Cyber Security on a Budget 2Also see: The importance of cybersecurity for UK businesses

A fake form on the site asks for the user’s email address, postcode and HMRC log-in details. The form calculates a fake refund amount, which in a test by Griffin Law experts totalled £217.17, a noticeable error in the scam was that the £ (pound sign) appears after, rather than before the amount (alarm bells should start ringing). The next page reveals an online form asking key personal information from the victim, including their card number, name on card, account number, security code and expiry date.

Griffin Law estimates that around 100 self-employed workers have reported the scam to their accountants and business networks up to now.

Advertisement


Microsoft Office Home And Business 2019 English Euro zone Media less (Product Key Inside - No Disc)

Cyber expert Chris Ross, SVP, Barracuda Networks comments: “This is the latest in a series of sophisticated HMRC-branded phishing scams designed to target vulnerable workers during the Covid-19 outbreak. We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data.

Tackling this growing threat requires businesses to have the necessary security systems in place to identify suspicious emails and texts, as well as warning employees to remain vigilant against requests for private information from unverified sites and URLs, often sent to their phone. All it takes is one mistake and cyber criminals could get hold of the full details of a company debit card and bank account, causing serious problems for business owners.

If you want to see a more detailed explanation see our article What is Phishing?

Phishing scamAlso see: Phishing A Major Factor in UK Cybercrime

Ransomware Protection

This particular scheme is designed to trick unsuspecting self-employed workers into claiming a tax refund, at a time when many people are struggling to make ends meet. The scam uses official government branding, logos and layouts, including a disclaimer about the site using cookies to fool users into thinking this is a legitimate way to reclaim money.

Unscrupulous and heartless individuals do not care about the hardship you may face, particularly at a time when you need to watch your spending more than ever.

If there is any doubt about the legitimacy of links no matter how genuine they may look always check the real website first for more information about what you are being offered and contact them if necessary. It’s also critical that companies ensure they have the necessary cyber security systems in place to protect against malicious communications to prevent cyber attacks. To find out more what ransomware is see this article...


Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular. As this area has always been of interest to me and is more important now than ever.

Contributors

We would like to invite IT Security Professionals from the UK to join our other contributors in providing high quality articles for our website.

To enhance IT Security Centres credentials and to offer an opportunity for other IT Professionals and IT Companies to share their work, information and ideas.

We are always happy to hear from other IT Security Professionals and look forward to your incite. please contact us for more information.

Popular News

Jun 13, 2020 IT Security News

Microsoft announces major issue in Windows 10 June 2020 updates

On 9th June, 2020, Microsoft released cumulative updates for supported versions of Windows 10 including version 2004, ve...

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

Jun 12, 2020 IT Security News

100,000 cheap wireless cameras sold in the UK are vulnerable to hacking

Consumer advocacy organisation Which? has issued a warning over the security of wireless camera brands made by China-bas...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

Jun 09, 2020 IT Security News

Self-employed targeted by hackers with HMRC SMS phishing scam

Cyber criminals have launched a new phishing scam designed to steal personal and financial details of millions of self-e...

Jun 25, 2020 IT Security News

NCSC catch a million phish

The National Cyber Security Centre has received the millionth submission to its Suspicious Email Reporting Service. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Jun 11, 2020 IT Security News

UK government still can’t decide how NHS contact tracing app should work

A new report today says that the UK government still hasn’t decided exactly how its NHS contact tracing app should wor...

Jun 10, 2020 IT Security News

Is your boss spying on you whilst you are homeworking?

The recent worldwide move to working from home has caused concern amongst employers.

Jun 27, 2020 IT Security News

Apple devices to get encrypted DNS

Apple this year will boldly go where its peers have gone before by implementing support for encrypted DNS in iOS and mac...

Jun 16, 2020 Internet of Things

Ripple20 Bug Exposes Millions of IoT Devices

Exactly how many of the devices that include Ripple20 bugs are directly hackable via the internet remains far from clear...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Jun 08, 2020 Data Security

IBM data encryption is progressing

IBM is making a move forward with its homomorphic encryption (FHE) solution, providing encryption for in-use and shared ...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

Jun 12, 2020 IT Security News

Good reasons to use a proxy server

A proxy server – is a computer on the internet which acts as a middle-man between your computer and the website or ser...

Advertisement
Symantec Home 120x60

Advertisement