top of page

ECRC tips to help businesses spot HMRC email scams

The most recent update from the National Fraud Intelligence Bureau is reporting a concerning trend in the number of spoof emails claiming to be from HMRC or GOV.UK.


Directors and business owners will have experienced an increase in genuine email communications from HMRC during COVID-19, due to the additional support being offered to businesses. That has in turn increased the risk that the recipient of a spoof email may not recognise it as a scam and click on the link.


The emails are sophisticated and use official branding, as well as trying to replicate believable official looking sender addresses.


Some of the common traits to look out for include:

  • Recipients being asked to click on a link to check whether they are eligible for the Government’s Coronavirus Grant

  • Emails titled “claim your HMRC Covid-19 Grant”, sent from the address hmrc@online.com.

  • HMRC tax reduction emails where the sender name is spoofed to read “HMRevenue & Customs”. Recipients are asked to click on a link in order to claim a monetary benefit which will be automatically transferred to their debit/credit card

  • An email containing HMRC imagery that relates to the “Coronavirus Job Retention Scheme”. This email asks for the recipient’s personal details including a scanned copy of their National Insurance number

Steps you can take to protect yourself and your business

  • Check for any of the traits mentioned above and if in doubt delete it.

  • If you have any doubts at all about the validity of an email do not click on the links or attachments.

  • Never respond to unsolicited messages and calls that ask for your personal or financial details.

  • Always install the latest software and app updates to protect your devices from the latest threats.

  • Circulate this information to your teams so they are aware of the threat

The ECRC free Core Membership will provide you with resources and tools to help you protect your business from these kinds of attacks. You can sign up here and get your welcome pack today.

For information on how to update your devices, please visit: https://www.ncsc.gov.uk/guidance/securing-your-devices

Comentarios


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page