Phishing email scam exploits HMRC job retention scheme

The scam, which was discovered by the Lanop Accountancy Group, involves phishing emails to companies about the scheme that purport to be from the first permanent secretary and chief executive of HMRC, Jim Harra.

Sent via the email address, official HMRC branding was used by the culprits, and the message asks for the bank details of the recipient.

Approximately 50 company owners reported the scam to Lanop upon noticing the false address alongside the user title ‘HM Revenue & Customs’.

The message, which had typos, was as follows:

“Dear customer, We wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. We are now writing to tell you how to access the Covid-19 relief. You will need to tell your us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you.”

Aurangzaib Chawla FCCA, managing partner of Lanop Accountants, said: “We’re calling upon all businesses to think twice before handing over bank details and making bank transfers in response to email requests during this crisis.

“Cyber crime is rising rapidly and this is the first of what we expect to be many scam emails, designed to trick unsuspecting owners into handing over private company data.

“We are also offering free advice about how to tackle these scams and reporting any suspicious activity direct to HMRC.”

A spokesperson from HMRC commented: “Fraudsters are taking advantage of the package of measures announced by the government to support people and businesses affected by coronavirus.

“Scammers text, email or phone taxpayers offering spurious financial support or tax refunds, sometimes threatening them with arrest if they don’t immediately pay fictitious tax owed.”

A rise in cyber exploitation

Recent research from Barracuda Networks has found a 667% increase in Coronavirus-related phishing emails. These include emails claiming to be from the World Health Organisation (WHO), and the NHS.

A common theme within these emails has involved the claim to be offering personal protection equipment (PPE), such as facemasks.

“We’re seeing a sharp rise in phishing emails relating to the Covid-19 outbreak and this example underlines how hackers will prey upon vulnerable business owners who are trying to protect jobs,” said Chris Ross, senior vice-president, sales at Barracuda Networks.

“As always with these scams, the victim is encouraged to disclose personal data and financial information under the false assumption that the email is legitimate.

“It is absolutely vital that businesses have the cyber security systems in place to identify and quarantine phishing emails and ensure that every employee is properly trained to spot suspicious communication and think twice before giving out personal information.”

Protecting your business from phishing scams

While many companies now live in fear of a data breach and the regulatory and financial consequences, they often don’t have any idea how to protect themselves from a phishing scam in the first place. Read here

Exploiting the new normal

According to Jake Moore, cyber security specialist at ESET, says that the problem with dealing with the rise in phishing emails relating to COVID-19 comes from victims not knowing exactly what separates a genuine email from a scam, due to the currently uncertain circumstances.

“Cybercriminals are quicker than ever to replicate legitimate emails and make them look rather convincing,” said Moore. “The bigger problem with these copied emails is that people aren’t yet used to what looks normal as this is a completely new environment for us all.

“If an unknown victim is panicking about finances at the same time that they received a well-crafted email, it will come as no surprise when some people are lured in and tricked into giving away all sorts of information.

“However, the advice remains the same. Always check before handing over any information, especially when it involves personal financial data. There are also direct and easy channels to report such emails to, such as Action Fraud.”


Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.

Related Topics