Experts On News: Hackers Targeting Self-employed With HMRC SMS Phishing Scam

Cyber criminals have launched a new phishing scam designed to steal personal and financial details of millions of self-employed workers using the Self-Employment Income Support Scheme (SEISS) during the Covid-19 outbreak. The scam, uncovered by litigation specialists Griffin Law, begins with a text message sent to self-employed workers offering a tax rebate purporting to be from HMRC.

The news comes following Chancellor Rishi Sunak announcing an extension of the scheme, which has so far seen 2.3 million claims worth £6.8 billion will be able to claim a second and final grant in August.

The text message informs the victim they are eligible for a tax refund and directs them to a site called https://hmrefund.com which then leads to an incredibly realistic copy of the HMRC government site.

A form on the site asks for the user’s email address, postcode and HMRC log-in details. The form calculates a fake refund amount, which in a test by Griffin Law experts totalled £217.17, a noticeable error in the scam was that the £ (pound sign) appears after, rather than before the amount. The next page reveals an online form asking key personal information from the victim, including their card number, name on card, account number, security code and expiry date.

Griffin Law estimates that around 100 self-employed workers have so far reported the scam to their accountants and business networks.


EXPERTS COMMENTS
Andy Harcup, VP EMEA,  Absolute Software
June 09, 2020
It is vital that users remain vigilant to such attacks, checking the origin and legitimacy of sites before handing over confidential financial data.
It’s no surprise that hackers are trying to cash-in on the Covid-19 outbreak, with increasingly opportunistic and sophisticated phishing scams framed around HMRC support programmes. This particular scheme is designed to trick unsuspecting self-employed workers into claiming a tax refund, at a time when many people are struggling to make ends meet. The scam uses official government branding, logo ....
[Read More >>]
Chris Ross, SVP,  Barracuda Networks
June 09, 2020
Tackling this growing threat requires businesses to have the necessary security systems in place to identify suspicious emails and texts.
This is the latest in a series of sophisticated HMRC-branded phishing scams designed to target vulnerable workers during the Covid-19 outbreak. We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data. Tackling this growi ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article