As we roll into the 2019/20 tax year, the world’s hackers, scammers and cybercriminals are gearing themselves up to bombard us with phishing emails and tax-themed malware.
Proofpoint, an American company that monitors such cybercriminal activities, has issued a timely warning of an ‘expected seasonal increase in tax-themed campaigns.’ In particular, it warns that we will see more and more remote-access trojans (RATs) being deployed.
This year we observed a seasonal increase in a tax-specific trend that Proofpoint first identified in 2018: the distribution of a variety of remote access Trojans (RATs) including Orcus RAT, Remcos RAT and NetWire.
Taxpayers should be wary of convincing-looking emails from cybercriminals, which use social engineering in subject lines, spoofed email addresses and ‘decoy’ links to convince victims to disclose tax information.
- Kevin Epstein, Vice President of Threat Ops, Proofpoint
Each year in the UK, HMRC issues guidelines for avoiding being scammed. It also recommends that any attempted attacks be reported to HMRC, and asks you to email them to email@example.com to help it stay on top of the criminal campaigns.
Fraudsters will often spoof a genuine email address or change the display name to make a message appear genuine. If you are unsure about an email, the recommendation is to forward it to HMRC and then delete it.
Remember, HMRC never, ever sends out notifications by email, particularly with regard to tax rebates and refunds. HMRC will only inform you about any rebates or refunds through the post or through your pay via your employer.
The tax man will never contact you through email, text messages or voicemail messages. So, if you receive such a message, do not click on any links or attachments. Instead, forward it to HMRC so they can deal with the attackers.
Most dodgy emails and text messages will include links to spoof websites where your information can be stolen. Last year HMRC requested 2,672 phishing websites be taken down and received 84,549 phishing reports.
It has always been so, but it is worth reiterating that legitimate organisations like banks and HMRC will never contact you out of the blue to ask for your PIN, password or bank details. Never, ever give out your private information.
This, HMRC urges, is the time to be extra vigilant: recognise the signs, stay safe and, finally, take action by reporting any suspicious activity or using its online fraud reporting tool.
If you are not sure, check GOV.UK for information on how to avoid and report scams and how to recognise a genuine HMRC contact.
Image: Images of Money’s Project