Employers targeted in new HMRC phishing twist
Scammers concocted a convincing replica of HMRC's most recent Employer Bulletin in an increasingly sophisticated approach to phishing for personal information from businesses and accountants.
HMRC’s Employer Bulletin 46 and accompanying e-alerts are due to go out on 17 February. HMRC this week warned employers not to be tricked by a fake version of the e-alert containing false links designed to lure the recipients into downloading a Trojan horse virus that can give them access to the user's computer.
Criminals behind the scam circulated fake emails based on the usual HMRC e-alert wording to a list of likely recipients.
Instead of the usual URL link to the Employer's Bulletin, the email contains an infected zip file. Anyone receiving emails from the tax department is advised not to click any such attachment.
Apart from copying the format of the alerts, the scammers did not have access to any of HMRC's data, the department said...