Hackers Target The Self-employed With New HMRC SMS Phishing Scam

As reported by TechRadar, a new phishing scam has been uncovered by litigation specialists Griffin Law. It begins with a text message, purporting to be from HMRC, that is sent to self-employed workers and offers a tax rebate.

The text message informs the victim they are eligible for a tax refund and directs them to a site called https://hmrefund.com, which then leads to an impressively realistic copy of the HMRC government site. A form on the site asks for the user’s email address, postcode and HMRC log-in details. The form calculates a fake refund amount, which in a test by Griffin Law experts totalled £217.17. A noticeable error in the scam was that the £ (pound sign) appears after, rather than before, the amount. The next page reveals an online form asking for key personal information from the victim, including their card number, name on card, account number, security code and expiry date.


1 Expert Comment
Jake Moore, Cybersecurity Specialist
InfoSec Expert
June 12, 2020 10:38 am

HMRC scams feel like they have been around since the beginning of time, but the truth is that they still work in luring people in, hence they will continue until we make headway. These scams look and feel extremely believable and the embedded links appear more genuine than ever.

Targeting self-employed people is a standard practice for scam artists but currently they remain an even bigger target as so many factors have changed in the workforce, questions have been left unanswered and so much information is changing daily. Therefore, when emails like this enter an inbox, they are deemed authentic by the unsuspecting victim, making it easier to click on them.

Only very slight changes will be noticeable to the untrained eye but there will usually be a red flag on each mail to try and spot. It goes to show that you must never act immediately to any email purporting to be from the HMRC. Legitimate emails from the HMRC will not include links and I recommend saving the correct site pages in your bookmarks to use when you need to visit them in the future. This forces you to always frequent the genuine site each time you need to without revealing any personal information.
