VAT-registered businesses with a taxable turnover above the VAT threshold are required to use the Making Tax Digital service to keep records digitally and use software to submit their VAT returns from 1 April 2019. Many traditional family run firms, local shops, tradesmen and others – who have submitted Paper VAT returns for a generation or more are going to have to switch to online accounting.
While the new system will make VAT collection better and more efficient, it also opens up business to a huge risk from Cyber Criminals, who will be sending ‘Phishing’ emails to businesses, impersonating bookkeepers, accountants, software providers and even HMRC, to get hold of critical business details.
Making Tax Digital for VAT comes into effect on 1st April 2019. HMRC has confirmed companies will be able to use a ‘cut and paste’ approach, instead of digital links, during the one-year soft landing. This is likely to last until at least April 2020. #MTD #VAT pic.twitter.com/LtyR1Kt0Qh
— Robin Oatridge & Co (@robinoatridge) March 28, 2019
Expert Comments Below:
Jake Moore, Cybersecurity Specialist at ESET:
“Targeted phishing is on the rise. While we are all told ad nauseum to be on guard against this kind of attack, we are all impulsive to a certain degree. Particularly when said phishing emails are very well constructed and convincing: often including logos, formatting and signatures that you would expect to see. These criminals lie and use psychological manipulation techniques to catch those that think themselves “cyber savvy” off-guard. No doubt everyone notices the massive influx of spam emails supposedly from HMRC around April every year. This isn’t a coincidence and just another way cyber criminals time and target their attacks, to add a sense of authenticity to entice you to click.”
Matt Lock, Director of Sales Engineers UK at Varonis:
“The new digital tax system will be a tempting target for cybercriminals – there will likely be attempts to actively compromise the system and to access the collected data after the fact. Even if you consider yourself to be a cyber-savvy individual, be alert. Don’t let your guard down – expect criminals to craft convincing phishing emails and phony websites that look like official channels of communication related to your digital taxes. If you receive a text telling you to call an unknown number or click on a link, delete the message. Check, then double-check, before clicking links or submitting personal information. Ensure that any software you use to collate and upload your taxes are patched and maintained securely. Vulnerabilities exposed in software are public knowledge and likely to be exploited by hackers.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.