In the Cyber Security scene, staying on top of the latest Cyber threats and trends is imperative to prepare for them. In this blog, we’ll be spreading awareness of the very recently discovered HMRC Phishing scams that have already claimed the sensitive information of thousands within the UK.
Details on the Phishing scam itself
Most Phishing victims received emails or texts claiming they risk losing out on payments unless they fill in their details or that a direct debit payment hasn’t worked.
However, in this case of the HMRC specifically, reports have emerged about threat actors using the tax credits renewal deadline on 31 July – to target their victims. The HMRC is warning tax credits customers to be alert to scams that mimic government communications to make them appear genuine.
The cruelty in this type of scam lies in the fact that tax credits is a solution for low-income households to help them with the cost of living, which is higher now than ever.
We find this commonly in Phishing scams, where the threat actor will exploit public concerns such as the cost of living to make their scams more believable.
Some individuals have even received scam phone calls threatening arrest if they don’t pay ‘tax’ that they owe, according to HMRC.
I can certainly speak for a lot of others when I say that a call like this would be quite scary, especially to an unsuspecting victim. Sure, we all have some degree of Cyber awareness. However, using something to scare the victim such as the tax renewal deadline can make a scam more believable.
Here’s an example of such a Phishing email:
Now, it’s safe to say that to someone with little experience in spotting signs of Phishing, this email would look very believable. In addition, the element of fear by using the tax deadline will also impair most victim’s judgement, potentially causing them to miss certain signs that they would’ve normally identified.
An example would be how in the above email, there is a spelling error on the last paragraph, where there is two W’s in the word “While”:
This is one of the more obscure signs, others include missing details such as the victims name- if any company is trying to contact you, they should know your name!
What we can take away from this
This is a major example of why knowing the signs of Phishing is so important, however, this can apply to every other aspect of Cyber Security in general. We cannot stress it enough when we say “Awareness is key!”
In the case of the HMRC, this is unfortunately not something that is a recent development. Throughout recent years, the firm has had a 234% increase in scam calls alone– in which threat actors will contact HMRC customers, pretending to act on behalf of the firm.
Furthermore, according to National Cyber Security Centre (NCSC) figures cited by HMRC, the tax office was the third most spoofed government body in 2022, behind the NHS and TV Licensing.
HMRC urged citizens never to click on links or download attachments in unsolicited emails, and to always check on Gov.uk that the contact is a genuine one.
For those unsure whether a text may be a scam, we recommend forwarding it to 60599, while suspicious emails should be sent to phishing@hmrc.gov.uk, and tax scam phone calls should be reported to Gov.uk.
If any money is stolen, victims should contact their bank immediately and report the incident to Action Fraud.
Conclusion
In conclusion, this recent trend should be taken as a reminder of why everyone should invest time, effort and money into their Cyber Security, whether you are an individual, business or organisation.
This is because anyone can be a victim of Phishing online. As the saying goes, “you can’t fight what you can’t see”. This applies to Phishing especially.
Because of this, we strongly suggest you consider Cyber Security training or a governmental scheme for your business like Cyber Essentials.
We hope you’ve liked this blog and that you’ll stick around to see our future releases, covering everything from recent IT News to Knowledgebase articles. Thanks for reading!
