A word of warning to small businesses, HM Revenue and Customs (HMRC) has published revised guidelines to help people recognise phishing emails and fraudulent activity in their inboxes.
Online crime has become an increasing threat to small businesses. Earlier this year, figures from Get Safe Online and Action Fraud indicated that £1bn was reported lost due to cyber crime between March 2015 and March 2016.
Limited resources make small firms more vulnerable when dealing with the repercussions of online crime, and research this year from cloud computing company Intermedia revealed that 12 per cent of ransomware attacks are now targeted at micro businesses.
Phishing emails have been reported to be the most common cause of cyber crime among small businesses, amounting to half of all attacks, according to research from the Federation of Small Businesses (FSB).
GOV.UK defines phishing as: “The fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords and credit card or bank account details.”
We have provided readers with an outline of the revised guidelines from HMRC, to help business owners understand what they can do to protect themselves from cyber crime, fraud and online threats.
Incorrect “from” address
Fraudsters have become increasingly capable of imitating official “from” addresses in attempt to fool recipients. For example, by including key terms such as “firstname.lastname@example.org”, or by spoofing the real address altogether – “@hmrc.gov.uk”.
HMRC has reiterated what kinds of emails it will never send. You will never be asked to disclose any personal information such as address or bank account details.
Emails from HMRC will never provide links to a secure log-in page or a form – any personal information that HMRC is required to collect will be gathered on the official online accounts of users.
Urgent action required
Fraudsters commonly urge immediate action on bogus emails. Avoid opening any emails that request action to be taken urgently, for example “you only have three days to reply”.
External web pages
Fraudulent web pages have become increasingly sophisticated. By using official branding or copying the look of a website, fraudsters are able to lead users to bogus external pages without users realising, in the hope that personal information will be freely disclosed.
One way to spot a fraudulent email instantly is through the use of a common, rather than personalised, greeting. Fraudsters often release identical emails to a high volume of recipients.
Official emails from HMRC will usually use your own name, as well as including information on how to spot and report phishing emails.
The key message with regards to fraudulent emails remains: if you are not 100 per cent certain it is sent from HMRC, do not open it. If you have already opened the email, do not click on any attachments or external links.
The self-assessment tax deadline marks a peak in activity among cyber criminals, as fraudulent emails reach 40 per cent of self-employed tax payers.
Sign up to our newsletter to get the latest from Business Advice.