The most recent update from the National Fraud Intelligence Bureau is reporting a concerning trend in the number of spoof emails claiming to be from HMRC or GOV.UK.
Directors and business owners will have experienced an increase in genuine email communications from HMRC during COVID-19, due to the additional support being offered to businesses. That has in turn increased the risk that the recipient of a spoof email may not recognise it as a scam and click on the link.
The emails are sophisticated and use official branding, as well as trying to replicate believable official looking sender addresses.
Some of the common traits to look out for include:
Recipients being asked to click on a link to check whether they are eligible for the Government’s Coronavirus Grant
Emails titled “claim your HMRC Covid-19 Grant”, sent from the address firstname.lastname@example.org.
HMRC tax reduction emails where the sender name is spoofed to read “HMRevenue & Customs”. Recipients are asked to click on a link in order to claim a monetary benefit which will be automatically transferred to their debit/credit card
An email containing HMRC imagery that relates to the “Coronavirus Job Retention Scheme”. This email asks for the recipient’s personal details including a scanned copy of their National Insurance number
Steps you can take to protect yourself and your business
Check for any of the traits mentioned above and if in doubt delete it.
If you have any doubts at all about the validity of an email do not click on the links or attachments.
Never respond to unsolicited messages and calls that ask for your personal or financial details.
Always install the latest software and app updates to protect your devices from the latest threats.
Circulate this information to your teams so they are aware of the threat
The ECRC free Core Membership will provide you with resources and tools to help you protect your business from these kinds of attacks. You can sign up here and get your welcome pack today.
For information on how to update your devices, please visit: https://www.ncsc.gov.uk/guidance/securing-your-devices