Taxpayers are being warned about fraudsters who are taking advantage of HMRC as it currently processes tax refunds The Revenue said that fraudsters are using email and text messages to trick people into thinking they have received a tax rebate, causing them to hand over their personal and account details. Treasury minister Mel Stride said, “HMRC only informs you about tax refunds through the post or through your pay via your employer. All emails, text messages, or voicemail messages saying you have a tax refund are a scam. Do not click on any links in these messages and forward them to HMRC’s phishing email address and phone number. Eyal Benishti, CEO & Founder at IRONSCALES commented below.
Eyal Benishti, CEO & Founder at IRONSCALES:
“HMRC is one brand that continues to be plagued by scammers trying to abuse its position of trust, to spoof customers into handing over their personal information. It’s not entirely surprisingly to see HMRC issue this warning- phishers are canny and know when to strike- with increasingly sophisticated spoofing and impersonation techniques being utilised, they are counting on a click to get what they want. Although they have tried to stamp out this nefarious activity by increasing cybersecurity efforts, and even through implementing DMARC, HMRC continue to see the brand spoofed by criminals, resulting in unsuspecting victims being conned out of cash.
DMARC is not a silver bullet to protect against phishing threats such as this- it is time to think about email security differently. Instead of the focus being completely on preventing messages getting into mailboxes, take a bottom-up approach and focus efforts on the Mailbox. After all, that’s where the threat is either realised or quashed. Using machine learning algorithms and deep scans in the mailbox itself works to ensure an unprecedented level of phishing detection. With mailbox-level email security, organizations can detect phishing attacks that make it through secure email gateways, and subsequently alert users through inline messages to mitigate and remediate the threat as soon as possible.
It’s also wise to be vigilant, and aware of when scams like this are likely in circulation; phishers know when their best chances at success are, it’s up to you to play your part in your own security and beat them at their own game.”