• Home
  • News
    • People moves
    • Africa
    • Asia
    • Australia
    • Canada
    • Caribbean
    • Domicile
    • Europe
    • Latin America
    • North America
    • Middle East
    • US
    • US
    • UK
  • Products
    • Funds
    • Pensions
    • Platforms
    • Insurance
    • Investments
    • Private Banking
    • Citizenship
    • Taxation
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Directory
  • Video
  • Advertise with us
  • Directory
  • Events
  • European Fund Selector
  • Newsletters
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
  • Advertise with us
  • Directory
  • Events
    • Upcoming events
      event logo
      Sustainable Investment Festival 2021

      The Sustainable Investment Festival will run online from 22-25 June and will include thought-provoking presentations from renowned keynote speakers, innovative breakout events and sessions specifically tailored to meet the information needs of fund selectors, financial advisers, pension consultants, trustees and scheme managers.

      • Date: 22 Jun 2021
      • Online, Online
      View all events
  • European Fund Selector
International Investment
International Investment

Sponsored by

Sharing Alpha
  • Home
  • News
  • Products
  • Fintech
  • Regulation
  • ESG
  • Expats
  • In Depth
  • Special Reports
  • Video
  • Cybercrime

HMRC-branded covid-19 scam targets passport details of self-employed

HMRC-branded covid-19 scam targets passport details of self-employed
  • Christopher Copper-Ind
  • @intlinvestment
  • 30 June 2020
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  

Self-employed workers in the UK are being targeted with a new SMS phishing scam, designed to obtain the victim's passport number, home address, and bank account details, it has emerged today.

The scheme, uncovered by Griffin Law, beings with a text message purporting to be from HMRC, telling the recipient they are due a tax refund and should apply online via a site with the URL http://ukservice.org.

Related articles

  • Hackers exploit HMRC covid-19 Job Retention Scheme with phishing scam
  • UK taxpayers facing millions of HMRC scams
  • HMRC warns against coronavirus email scam
  • Coronavirus-related fraud scams on the rise as UK losses near £1m

The site uses official HMRC branding and is entitled "Coronavirus (Covid-19) guidance and support." It asks visitors for personal details including their name, home address and government gateway log-in credentials. The form then calculates a "tax refund" which always gives the result of £324.37, event when fake credentials are entered.

All it takes is a single employee to accidentally hand over confidential company information, such as bank account details, a username or password for a potentially catastrophic data breach to occur. For many companies It's not a question of if, but when."

Users are them asked to provide their personal bank details in full, including the expiry date, name on the card, sort code and Card Verification Value (CVV). A new aspect of the latest scam is that it also asks for ‘verification' of the user by requesting the passport number for the purpose of identity theft. Errors in the website code have been noted by suspicious users, including links for "extra information" and "cookies" leading to broken links.

So far, Griffin Law says  it has ascertained that around 80 self-employed London-based workers have reported receiving this scam to their respective accountant.

Cyber expert Stav Pischits, CEO, Cynance, commented: "The covid-19 crisis has triggered a sharp rise in phishing attacks targeting businesses and individuals with realistic scams promising financial support and purporting to be from HMRC."

"All it takes is a single employee to accidentally hand over confidential company information, such as bank account details, a username or password for a potentially catastrophic data breach to occur. For many companies It's not a question of if, but when."

Pischits added: "It's therefore vital that all companies invest in improving cybersecurity procedures, particularly with millions of employees working remotely for the foreseeable future. Key to this is fostering a people-processes-technologies focused approach. It is essential to invest in employees' security training, cyber awareness and review and refresh internal procedures that deal with email security and teleworking. It's also important to make sure that the right security tools are implemented and configured properly."

Chris Ross, senior vice-president of Barracuda Networks, added, "There has been a sharp rise in the number of HMRC-related SMS and email phishing scams targeting workers with fraudulent financial support schemes. Often, the hacker will send a tailored text message to catch the victim off-guard to their personal phone, something that has is increased with millions working from home due to the health crisis."

"The fact is that cyber criminals will exploit any situation to harvest financial data from individuals, seeing the national emergency as the perfect opportunity to fool vulnerable victims into handing over personal information."

"Security awareness is key within the workforce is key, and it's vital that all employee are trained about how these schemes operate as well as how SMS can be exploited as part of a wider phishing scheme."

Subscribe to International Investment's free, twice-daily, newsletter

 

  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Cybercrime
  • UK
  • Griffin Law
  • HMRC
  • Stav Pischits
  • Chris Ross
  • Barracuda Networks

More on Cybercrime

Investment fraud reports 32% leap as criminals exploit covid-19

  • Cybercrime
  • 26 March 2021
Book tells how Dubai investor won legal battle against rogue advisers

  • Cybercrime
  • 08 February 2021
Fraudsters target SJP clients in clone scam offering advice

  • Cybercrime
  • 05 February 2021
FCA secures interim restitution order against illegal deposit takers

  • Cybercrime
  • 03 February 2021
FCA issues warning after investment scams cost savers £78m in 2020

  • Cybercrime
  • 27 January 2021
Back to Top

Most read

First digital only bank in UAE set to go live
First digital only bank in UAE set to go live
Standard Chartered names Singapore heavy hitter for global role
Standard Chartered names Singapore heavy hitter for global role
UK regulator bans financial adviser for dishonesty
UK regulator bans financial adviser for dishonesty
Bitcoin hits record high on cusp of Coinbase IPO
Bitcoin hits record high on cusp of Coinbase IPO
DeVere UK and Fidelius enter strategic partnership
DeVere UK and Fidelius enter strategic partnership
  • Contact Us
  • Marketing solutions
  • About Incisive Media
  • Terms and conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading