It has come to that time of year again where letters from the tax man come shooting through the door and we start organising all of our paperwork and sorting out figures to make sure we get everything filed on time and ensure we pay the correct and hopefully minimum amount to the HMRC.
Whilst all this is going on, attackers know that it is tax season and start pushing out malware and scams to capitalise on this time of year.
If you have got your books done on time and handed in to the HMRC, this is the point where you should take care with any emails you get supposedly from the HMRC. There is one particular email starting to float around that, once received, forwards the victim to a convincing lookalike of the HMRC website and informs them that there has been a miscalculation in the amount of tax they owe and that they are owed a large or larger refund (you can see where this is going). The website, whilst looking convincing, kindly asks for their bank details so that the refund can be issued. Once the victim has put in the details, it runs a piece of code to check that all the data has been entered in the correct format. It then sends the data to the attackers, whilst sending the victim to the HMRC homepage. I must admit the process can look very convincing, and if you do not know what to look out for you can get stuck in this trap.
What to remember so you do not get caught
There are 2 main principles to remember to make sure that this sort of thing doesn’t happen to you.
Firstly, the HMRC have stated that for tax rebates, they would never contact a person by email to issue it. So any email seemingly from the HMRC about a tax refund is not legit.
Secondly, if any email sends you to a website, always check the address bar at the top to make sure the email has sent you to the correct place. For example, if the HMRC did contact you regarding a certain topic and forwarded you to their website, the address at the top of your browser would be “http://www.hmrc.gov.uk”. If it is anything else it could be phishy.
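The address-bar check described above, written out as an added example (it is not from the original post): it parses a link the way a browser would and compares the real hostname against the domain the post names. The names `classify_link` and `TRUSTED_DOMAIN` and the `.example` sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only trusted domain is the one named in the post.
TRUSTED_DOMAIN = "hmrc.gov.uk"

def classify_link(url):
    """Return (verdict, detail) for a link found in an email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("suspicious", "URL does not parse")
    if parts.scheme not in ("http", "https"):
        return ("suspicious", "not a web link")
    if not host:
        return ("suspicious", "no hostname")
    if "@" in parts.netloc:
        # Text before '@' is login info, not the site that gets visited.
        return ("suspicious", "text before '@' hides the real host " + host)
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return ("suspicious", "internationalised hostname, check for look-alike letters")
    # The match must be the whole host or end on a dot boundary.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return ("trusted", host)
    if TRUSTED_DOMAIN in host or "hmrc" in host:
        return ("suspicious", "trusted name used as decoration in " + host)
    return ("untrusted", host)

# Constructed sample links; the .example names are reserved and not real sites.
SAMPLES = [
    "http://www.hmrc.gov.uk/",
    "http://www.hmrc.gov.uk.refunds.example/claim",
    "http://www.hmrc.gov.uk@refunds.example/",
    "http://nothmrc.gov.uk/",
    "http://tax-refund.example/",
]

def check_samples():
    """Map each sample link to its verdict."""
    return {url: classify_link(url)[0] for url in SAMPLES}

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", *classify_link(url))
```

Only the first sample is accepted; the others contain the trusted name somewhere in the link but resolve to a different host, or are unrelated to it.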
At the moment the attacks are only targeting UK victims, but this is soon to change as the dates for tax returns in the US and Europe draw closer.
If you want to see some examples of these scam sites and email addresses, please see the examples on the HMRC website here.
Have you been attacked by one of these scams? Please comment below if you have and let us know if it was easily detectable or not.