Hackers Target The Self-employed With New HMRC SMS Phishing Scam

As reported by TechRadar, litigation specialists Griffin Law have uncovered a new phishing scam. It begins with a text message, purporting to be from HMRC, that offers self-employed workers a tax rebate.

The text message informs the victim that they are eligible for a tax refund and directs them to a site called https://hmrefund.com, which then leads to an impressively realistic copy of the HMRC government site. A form on the site asks for the user’s email address, postcode and HMRC log-in details. The form calculates a fake refund amount, which in a test by Griffin Law experts totalled £217.17. A noticeable error in the scam was that the £ (pound sign) appears after, rather than before, the amount. The next page presents an online form asking for key personal information from the victim, including their card number, name on card, account number, security code and expiry date.

Expert Comments

June 12, 2020
Jake Moore
Cybersecurity Specialist
ESET
HMRC scams feel like they have been around since the beginning of time, but the truth is that they still work in luring people in, hence they will continue until we make headway. These scams look and feel extremely believable and the embedded links appear more genuine than ever. Targeting self-employed people is a standard practice for scam artists but currently they remain an even bigger target as so many factors have changed in the workforce, questions have been left unanswered and so much information is changing daily. Therefore, when emails like this enter an inbox, they are deemed authentic by the unsuspecting victim, making it easier to click on them. Only very slight changes will be noticeable to the untrained eye but there will usually be a red flag on each mail to try and spot. It goes to show that you must never act immediately to any email purporting to be from the HMRC. Legitimate emails from the HMRC will not include links and I recommend saving the correct site pages in your bookmarks to use when you need to visit them in the future. This forces you to always frequent the genuine site each time you need to without revealing any personal information.