Another new email phishing scam has been exposed by hackers allegedly from HM Revenue and Customs (HMRC).
The latest of many recent criminal fraud attempts is the use of the ubiquitous coronavirus theme alongside the VAT deferral theme to trick you into disclosing sensitive information.
The fake HMRC email is aimed at small business owners and attempts to remove sensitive information from companies struggling with the ongoing effects of the pandemic. HMRC has allowed VAT payments to be deferred between March and June of this year, and the scam email claiming to be from the tax office is trying to trick affected businesses into stealing private information like account names, passwords and Disclose payment details.
The latest scam has been uncovered by accounting specialist Lanop Outsourcing and, at least at first glance, features official HMRC branding and images. The phishing email begins: “Dear customers, your request to defer VAT payments due to Coronavirus (COVID-1
The email message contained a fake attachment with “More details and a full report on your application”. A one-time password is also required with the document. Trying to add further legitimacy to the message suggests that the original application has already been shared with others.
Anyone tempted to do what is requested in the email will be redirected to a bogus website and asked to enter sensitive business information. IT commentators universally remind business people and the general public that HMRC will never ask for credentials of any kind. You should also check the validity of emails or requests to visit websites that do not look or behave correctly.
“This scam is one of the most fraudulent and realistic phishing attacks we have seen since the beginning of the Covid-19 pandemic, and its legitimacy is just strong enough that affected business owners could easily fall into the trap of sharing personal information,” noted Shahzad Ali, managing director of Lanop Outsourcing.
“During these troubled times, a cyber hack should be the least of a concern for business owners, and it is important that the source of all important emails, especially those purportedly from a government agency, is verified before any further action is taken. ”