Tax scam season – how to stay one step ahead of the fraudsters

More and more of people and businesses are beginning to do our taxes online, which, although convenient, creates another route in for fraudsters – phishing. In just one example, the recent HMRC email scam sends fake e-mails which request that the recipient creates a “government gateway account” in order to access information about a tax rebate, and subsequently demands your banking details.

In addition, recent ONS figures show that online fraud is now the most common crime in the UK, affecting one in ten people. Not only is this form of crime growing, scams are also becoming more varied and more sophisticated, meaning that consumers and businesses alike must be vigilant and aware of the threats.


For several years in a row, the number of fraudulent schemes targeting clients of financial institutions has been increasing, with attacks becoming more versatile.

Phishing e-mails are the attempt to entice you into providing sensitive information by pretending to be a legitimate organisation (e.g. HMRC). Phishing is a popular way for fraudsters to target people over the Internet, because web browsing has become safer.

>See also: R&D tax credits: a game changer for IT sector

Popular web-browser developers and Internet security vendors have implemented a range of anti-phishing and other protection tools, making it harder for cybercriminals to propagate their malware through infected web pages.

In 2016 the proportion of spam in e-mail traffic was 58.31%, which is 3.03% higher than in 2015. This was the first registered growth since 2009. The tax season has become a treasure trove of sensitive personal information and financial data, which cyber criminals now see as a quick earning opportunity given that taxpayers are often overwhelmed by the complexity of filing their taxes.

Multi-channel attacks

Troublingly, the means of distributing fraudulent pages to taxpayers have gone way beyond the scope of e-mail. Cybercriminals are using all available tools to contact potential victims, whether that be text messages, advertising or social networks.

Fraudsters also trick people into giving out information over the phone, which they then use to access an account directly or to send credible-looking phishing e-mails.

Take for example, the recent phone scam in which you receive a call from a local number, where the scammers ask “Can you hear me?”. Responses are then recorded, and if you answer ”Yes”, this is edited to appear as if you have agreed to a purchase.

>See also: IHS Markit: a challenge to the big two?

Another example is the investment scam which took place earlier this year, in which a fraudulent company used aggressive sales tactics over the phone with elderly and vulnerable people, to convince them to invest. One victim was convinced to pay a huge £700,000 to the tricksters.

Messaging and apps

In recent years, fraudsters have turned their attention to fraudulent apps, giving cybercriminals access to personal information which they can then secretly extract.

A recent survey by LexisNexis Risk Solution uncovered the fact that 54% of UK millennials are worried about their identity being stolen through app-based activities. The rise of financial scams was also put down to the app boom, with the British Bankers Association reporting that there was a 54% increase in the use of mobile banking apps on the previous year. These types of platforms, which are only increasing in use, are opening further avenues for financial fraud.

In conclusion, both businesses and consumers should ensure that they are suitably prepared and vigilant when it comes to tax scams. Kaspersky Lab constantly hears about these threats increasing in variety and complexity, and unfortunately, much as is the case with ransomware, some people end up parting with their hard-earned cash.

>See also: Cybercrime increasingly important for professional services firms

Kaspersky Lab would recommend the following top tips for staying safe when managing your tax affairs this year:

1. Give yourself plenty of time to file your tax return to lessen the risk of responding to a scam message.
2. Don’t trust advice about how to get a refund unless it comes from a tax professional or source that you trust – if in doubt, always double-check.
3. Don’t assume that a bank or government agency would have access to your tax details. They will not have granular information about your tax return. Even if it looks legitimate, check over the details first and if in doubt, contact the apparent source of the information using publicly available contact information (not details from the communication you’re trying to verify).
4. If using a mobile app to file your tax return, make sure it’s the legitimate app and not a fake, that you’re on a trusted wi-fi network and that you have mobile Internet security that is up-to-date. Do not click on attachments or links in messages that look suspicious or that you have received from unknown people. They could be malicious.
5. Do not enter your credit card details on unfamiliar or suspicious sites, to avoid the risk of passing them on to cybercriminals. Fake sites can be made to look just like the legitimate site that they’re trying to spoof. It’s always best to type in a URL yourself and you should always check that there’s a secure connection between you and the site – look for ‘https’ at the start of the address bar.
6. Install a security solution on your device, with built-in technologies designed to prevent financial fraud. For example, the Safe Money feature in Kaspersky Lab solutions creates a secure environment for financial transactions.


Sourced by David Emm, principal security researcher at Kaspersky Lab

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics