• Home
  • News
    • People moves
    • Africa
    • Asia
    • Australia
    • Canada
    • Caribbean
    • Domicile
    • Europe
    • Latin America
    • North America
    • Middle East
    • US
    • US
    • UK
  • Products
    • Funds
    • Pensions
    • Platforms
    • Insurance
    • Investments
    • Private Banking
    • Citizenship
    • Taxation
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Directory
  • Video
  • Advertise with us
  • Directory
  • Events
  • European Fund Selector
  • Newsletters
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
  • Advertise with us
  • Directory
  • Events
    • Upcoming events
      View all events
  • European Fund Selector
International Investment
International Investment

Sponsored by

Sharing Alpha
  • Home
  • News
  • Products
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Video
  • Cybercrime

HMRC-branded covid-19 scam targets passport details of self-employed

HMRC-branded covid-19 scam targets passport details of self-employed
  • Christopher Copper-Ind
  • @intlinvestment
  • 30 June 2020
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  

Self-employed workers in the UK are being targeted with a new SMS phishing scam, designed to obtain the victim's passport number, home address, and bank account details, it has emerged today.

The scheme, uncovered by Griffin Law, beings with a text message purporting to be from HMRC, telling the recipient they are due a tax refund and should apply online via a site with the URL http://ukservice.org.

Related articles

  • Hackers exploit HMRC covid-19 Job Retention Scheme with phishing scam
  • UK taxpayers facing millions of HMRC scams
  • HMRC warns against coronavirus email scam
  • Coronavirus-related fraud scams on the rise as UK losses near £1m

The site uses official HMRC branding and is entitled "Coronavirus (Covid-19) guidance and support." It asks visitors for personal details including their name, home address and government gateway log-in credentials. The form then calculates a "tax refund" which always gives the result of £324.37, event when fake credentials are entered.

All it takes is a single employee to accidentally hand over confidential company information, such as bank account details, a username or password for a potentially catastrophic data breach to occur. For many companies It's not a question of if, but when."

Users are them asked to provide their personal bank details in full, including the expiry date, name on the card, sort code and Card Verification Value (CVV). A new aspect of the latest scam is that it also asks for ‘verification' of the user by requesting the passport number for the purpose of identity theft. Errors in the website code have been noted by suspicious users, including links for "extra information" and "cookies" leading to broken links.

So far, Griffin Law says  it has ascertained that around 80 self-employed London-based workers have reported receiving this scam to their respective accountant.

Cyber expert Stav Pischits, CEO, Cynance, commented: "The covid-19 crisis has triggered a sharp rise in phishing attacks targeting businesses and individuals with realistic scams promising financial support and purporting to be from HMRC."

"All it takes is a single employee to accidentally hand over confidential company information, such as bank account details, a username or password for a potentially catastrophic data breach to occur. For many companies It's not a question of if, but when."

Pischits added: "It's therefore vital that all companies invest in improving cybersecurity procedures, particularly with millions of employees working remotely for the foreseeable future. Key to this is fostering a people-processes-technologies focused approach. It is essential to invest in employees' security training, cyber awareness and review and refresh internal procedures that deal with email security and teleworking. It's also important to make sure that the right security tools are implemented and configured properly."

Chris Ross, senior vice-president of Barracuda Networks, added, "There has been a sharp rise in the number of HMRC-related SMS and email phishing scams targeting workers with fraudulent financial support schemes. Often, the hacker will send a tailored text message to catch the victim off-guard to their personal phone, something that has is increased with millions working from home due to the health crisis."

"The fact is that cyber criminals will exploit any situation to harvest financial data from individuals, seeing the national emergency as the perfect opportunity to fool vulnerable victims into handing over personal information."

"Security awareness is key within the workforce is key, and it's vital that all employee are trained about how these schemes operate as well as how SMS can be exploited as part of a wider phishing scheme."

Subscribe to International Investment's free, twice-daily, newsletter

 

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Cybercrime
  • UK
  • Griffin Law
  • HMRC
  • Stav Pischits
  • Chris Ross
  • Barracuda Networks

More on Cybercrime

Comment: How the pandemic has increased the risk for cybersecurity

  • Comment
  • 19 November 2020
Cybersecurity & Data Privacy Webinar available for sign-up

  • Cybercrime
  • 19 November 2020
'Once bitten, twice shy' as scam victims shun investing again: Quilter research

  • Cybercrime
  • 17 November 2020
Half of FCA scam warnings are impersonations of real brands: research

  • Cybercrime
  • 10 November 2020
Healthcare system facing 'increased and imminent' cyber threat

  • Cybercrime
  • 03 November 2020
Back to Top

Most read

FCA issues warning on cyrptocurrencies as Bitcoin volatility continues
FCA issues warning on cyrptocurrencies as Bitcoin volatility continues
Australian expats warned of tax bills on return post-pandemic
Australian expats warned of tax bills on return post-pandemic
DeVere launches equity fund with Columbia Threadneedle Investments
DeVere launches equity fund with Columbia Threadneedle Investments
Guardian WM is reborn as Skybound WM
Guardian WM is reborn as Skybound WM
People moves: IQ-EQ, AllianceBernstein, Beaufort Group, BCS Global Markets, Tyndall IM, TMF Group
People moves: IQ-EQ, AllianceBernstein, Beaufort Group, BCS Global Markets, Tyndall IM, TMF Group
  • Contact Us
  • Marketing solutions
  • About Incisive Media
  • Terms and conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading