A new email phishing scam, falsely purporting to be from the ‘Government Digital Service Team’, has been uncovered by the Parliament Street think tank’s cyber research team.
The sophisticated phishing attack targets low-income earners and claims that the addressee will be receiving a Council Tax Reduction of almost £400.
The fraudulent email uses official branding and government logos to trick the user into thinking the content is legitimate, before redirecting them to a malicious site designed to harvest personal information, such as bank card details, account number, sort code and security code, as well as a home address and mobile number.
The email begins ‘You have a new message from GOV.UK about your Council Tax’. Further down the accompanying message says: “You are getting a Council Tax Reduction (this used to be called Council Tax Benefit) considering you’re on a low income or get benefits. * Total amount of benefits: GBP 385.50. * The refunded amount will be transferred directly on your Debit/Credit card. * Apply now to claim the reductions made over your past 2 years of Council Tax payments.”
The scam has already been flagged to locals in Wrexham, Cheshire, and Runcorn via local councils, but it is believed to have started a second wave, targeting hundreds of others across the UK.
Researchers at the Parliament Street cyber research team have identified hundreds of new incidents of the email landing in the inboxes of individuals across the UK. The research team also noted that the scam email had several notable discrepancies, including a subject header stating that a refund of £385.55 was available, which differs from the £385.50 stated in the main body of the email.
It’s incredibly easy for hackers to copy government branding, logos and text from official websites and quickly create realistic-looking scams. All too often, weary workers who are struggling with the financial impact of the Covid-19 outbreak will jump at the chance for a discount or refund like this.
Anyone receiving an email like this should also double-check the source address of the sender and carefully examine the communication for typos and errors, often associated with online scams. Failure to do so could put the financial and personal data of the individual and their employer at risk.
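The two checks described above (the sender's source address, and the mismatch between the amount in the subject header and the amount in the body) can be automated in a mail filter. The following is an added example, not part of the original article or the researchers' tooling; the sample message, its sender address and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the wording quoted in the article.
# The sender address and domain are invented placeholders.
SAMPLE = """\
From: "GOV.UK" <notify@council-tax-refund.example>
To: resident@example.org
Subject: Council Tax Reduction: GBP 385.55 available
Content-Type: text/plain; charset="utf-8"

You have a new message from GOV.UK about your Council Tax.
* Total amount of benefits: GBP 385.50.
* The refunded amount will be transferred directly on your Debit/Credit card.
"""

# Sterling amounts written as "£385.50" or "GBP 385.50".
AMOUNT = re.compile(r"(?:£|GBP)\s*(\d+(?:\.\d{2})?)")

def amounts(text):
    """Return the set of sterling amounts found in a piece of text."""
    return set(AMOUNT.findall(text))

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []

    # Check 1: display name claims GOV.UK but the address is not under gov.uk.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    is_gov = domain == "gov.uk" or domain.endswith(".gov.uk")
    if "gov.uk" in display.lower() and not is_gov:
        findings.append(f"sender-mismatch: display name {display!r}, domain {domain!r}")

    # Check 2: amounts in the subject never appear in the body.
    # Assumes text/plain parts without base64/quoted-printable encoding.
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    subj_amt, body_amt = amounts(msg.get("Subject", "")), amounts(body)
    if subj_amt and body_amt and not subj_amt & body_amt:
        findings.append(f"amount-mismatch: subject {sorted(subj_amt)}, body {sorted(body_amt)}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A From header under gov.uk is not proof of legitimacy on its own, since the header can be forged; the receiving server's SPF, DKIM and DMARC results should be weighed alongside these checks.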
Since the start of Covid-19, the cyber threat facing adults in the UK has surged, and this latest attack is one of many which have been designed to prey on individuals’ vulnerability and fear during this trying time. In particular, hundreds of email phishing campaigns have targeted corporations and businesses, with malicious attackers standing ready to take advantage of naïve or distracted employees, or exploit gaps in security controls.
Regardless of the quantity of security training and software put in place, data will always be at risk from a sophisticated cyber attack, and therefore, it’s essential that CISOs take steps to quickly pinpoint potential threats and neutralise any cyber breaches as and when they occur, with effective and resilient endpoint security. This should equip organisations with the ability to communicate, control and repair remote devices beyond corporate networks as well as measure the health of security control apps and productivity tools, so that remote workers can safely stay productive.