Tax & admin · 21 September 2016

HMRC reveals fraudulent email red flags

Figures indicated that £1bn was lost to cyber crime in the last year.

In a word of warning to small businesses, HM Revenue and Customs (HMRC) has published revised guidelines to help people recognise phishing emails and fraudulent activity in their inboxes.

Online crime has become an increasing threat to small businesses. Earlier this year, figures from Get Safe Online and Action Fraud indicated that £1bn was reported lost due to cyber crime between March 2015 and March 2016.

Limited resources make small firms more vulnerable when dealing with the repercussions of online crime, and research this year from cloud computing company Intermedia revealed that 12 per cent of ransomware attacks are now targeted at micro businesses.

Phishing emails have been reported to be the most common cause of cyber crime among small businesses, amounting to half of all attacks, according to research from the Federation of Small Businesses (FSB).

GOV.UK defines phishing as: “The fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords and credit card or bank account details.”

We have provided readers with an outline of the revised guidelines from HMRC, to help business owners understand what they can do to protect themselves from cyber crime, fraud and online threats.

Incorrect “from” address

Fraudsters have become increasingly capable of imitating official “from” addresses in an attempt to fool recipients. For example, they may include key terms, as in “refunds@hmrc.org.uk”, or spoof the real address altogether – “@hmrc.gov.uk” – so a correct-looking “from” address does not on its own prove that an email is genuine.

Personal information

HMRC has reiterated what kinds of emails it will never send. You will never be asked to disclose any personal information such as address or bank account details.

Emails from HMRC will never provide links to a secure log-in page or a form – any personal information that HMRC is required to collect will be gathered on the official online accounts of users.

Urgent action required

Fraudsters commonly urge immediate action on bogus emails. Avoid opening any emails that request action to be taken urgently, for example “you only have three days to reply”.

External web pages

Fraudulent web pages have become increasingly sophisticated. By using official branding or copying the look of a website, fraudsters are able to lead users to bogus external pages without users realising, in the hope that personal information will be freely disclosed.

Common greeting

One way to spot a fraudulent email instantly is through the use of a common, rather than personalised, greeting. Fraudsters often release identical emails to a high volume of recipients.

Official emails from HMRC will usually use your own name, as well as including information on how to spot and report phishing emails.

The key message with regard to fraudulent emails remains: if you are not 100 per cent certain it is sent from HMRC, do not open it. If you have already opened the email, do not click on any attachments or external links.

The self-assessment tax deadline marks a peak in activity among cyber criminals, as fraudulent emails reach 40 per cent of self-employed tax payers.


ABOUT THE EXPERT

Simon Caldwell is a reporter for Business Advice. He has a BA in politics and communications from the University of Liverpool, and previously worked as a content editor in the ecommerce industry.
