Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Employers targeted in new HMRC phishing twist

by
31st Jan 2014
Save content
Have you found this content useful? Use the button above to save it to your profile.

Scammers concocted a convincing replica of an HMRC Employer Bulletin in an increasingly sophisticated approach to phishing for personal information from businesses and accountants.

HMRC’s Employer Bulletin 46 and accompanying e-alerts are due to go out on 17 February. However HMRC this week warned employers not to be tricked by a fake version of the e-alert luring recipients into downloading a Trojan horse virus that can let hackers into the user's computer.

Criminals behind the scam circulated fake emails based on the usual HMRC e-alert wording to a list of likely recipients. 

Instead of the usual URL link to the Employer's Bulletin, the email contains an infected zip file. Anyone receiving emails from the tax department is advised not to click any such attachment.

Apart from copying the format of the alerts, the scammers did not have access to any of HMRC's data, the department said.

“Figures show that there have only been around 20 cases reported so far, so we seem to have caught this one early,” HMRC said.

“The phishing team have instigated all their security processes. The security team have informed us that this is a criminal act and HMRC are not responsible. HMRC systems are not affected because of our firewalls.”

Earlier this month, similar phishing mails appeared in the guise of self assessment submission emails.

HMRC is not alone in being targeted by phishing attempts, as accountants with access to HMRC's online systems are very valuable targets for organised gangs. 

AccountingWEB this week also saw comments purporting to be for a legitimate, well-known tax software website that redirected people to a fake portal that encouraged them to download a trial version. This, no doubt would also have contained a virus, but we did not risk inspecting it more closely.

Some tips and advice to be wary of being scammed include:

  • Never open file attachments (especially zipped ones), unless you know who is sending it to you and why
  • Don’t click on links unless from a trusted source
  • Have an up-to-date anti-virus programme and run scans frequently
  • Use complex passwords and change them frequently
  • If in doubt, pick up a phone and speak to someone at the organisation that claimed to have sent the email.

For more advice on dealing with phishing emails and fake portals, see Revenue warns of tax return email scam

Tags:

Replies (1)

Please login or register to join the discussion.

avatar
By chocolate-eater
07th Feb 2014 08:37

Zip attachements

I am being constantly targeted by these sorts of emails and I am not sure how to stop it.  Every day emails from HMRC like the above, or now payroll RTI submissions, companies house reports, invoices from various companies - all zip files.  It is like I am being targeted by these gangs.

Luckily I have a good anti virus and never open these files.

I however must be the tip of the iceberg and I am guessing these gangs are so big; nothing can be done about them. 

I have read how one virus infects your computer but encrypting all your files.  Only by paying a fee can you get them back.  I wonder how many people have fallen for this and have probably not mentioned anything due to feeling embarrassed.

It seems this is huge organised crime that is being swept under the carpet at the moment.

 

 

Thanks (0)