VAT-registered businesses with a taxable turnover above the VAT threshold are required to use the Making Tax Digital service to keep records digitally and use software to submit their VAT returns from 1 April 2019. Many traditional family run firms, local shops, tradesmen and others – who have submitted Paper VAT returns for a generation or more are going to have to switch to online accounting.
While the new system will make VAT collection better and more efficient, it also opens up business to a huge risk from Cyber Criminals, who will be sending ‘Phishing’ emails to businesses, impersonating bookkeepers, accountants, software providers and even HMRC, to get hold of critical business details.
Making Tax Digital for VAT comes into effect on 1st April 2019. HMRC has confirmed companies will be able to use a ‘cut and paste’ approach, instead of digital links, during the one-year soft landing. This is likely to last until at least April 2020. #MTD#VATpic.twitter.com/LtyR1Kt0Qh
“Targeted phishing is on the rise. While we are all told ad nauseum to be on guard against this kind of attack, we are all impulsive to a certain degree. Particularly when said phishing emails are very well constructed and convincing: often including logos, formatting and signatures that you would expect to see. These criminals lie and use psychological manipulation techniques to catch those that think themselves “cyber savvy” off-guard. No doubt everyone notices the massive influx of spam emails supposedly from HMRC around April every year. This isn’t a coincidence and just another way cyber criminals time and target their attacks, to add a sense of authenticity to entice you to click.”
Matt Lock, Director of Sales Engineers UK at Varonis:
“The new digital tax system will be a tempting target for cybercriminals – there will likely be attempts to actively compromise the system and to access the collected data after the fact. Even if you consider yourself to be a cyber-savvy individual, be alert. Don’t let your guard down – expect criminals to craft convincing phishing emails and phony websites that look like official channels of communication related to your digital taxes. If you receive a text telling you to call an unknown number or click on a link, delete the message. Check, then double-check, before clicking links or submitting personal information. Ensure that any software you use to collate and upload your taxes are patched and maintained securely. Vulnerabilities exposed in software are public knowledge and likely to be exploited by hackers.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.