Tax & admin 16 March 2017

Could you spot an HMRC phishing scam if sent one?

SMS Phishing scam
A phishing scam can come in many forms, from email through to SMS
Lee Murphy, owner of accountancy software business Pandle, guides us through some simple steps effective in identifying a phishing scam or fraudulent HMRC letter.

Taxman or criminal. Once an easy judgement call, deciphering between real and forged communication from HMRC, and others, is becoming an increasingly challenging feat.

In 2014 alone, almost 50 per cent of HMRC customers reported that they had been targeted by a phishing scam and in 2013 there were 91, 000 phishing emails were passed on to the trade body.

In the past, broken English and dodgy-looking web-links clearly marked phishing scams apart from official HMRC communication. But now, the sophistication of these scammers has noticeably stepped up. Our firm, as well as our clients, have been targeted by spam that appears increasingly genuine.

Today, you can expect to receive fraudulent requests for bank details and money, in printed letters and emails. The written quality is far greater than in the past, and the senders appear in cases to be authentic. It would seem that the criminals behind these phishing scams have brushed up on government mail-outs as their attempts closely mirror the language used in official notices making it much harder to vet the forged from the real.

In addition, logo reproduction has greatly improved and website link-throughs are far less suspicious. Even the emails? sender tag now closely matches the government’s own.

I spend much more time today, than I have in the past, trying to sift out the fake notices from the genuine. On an average week our clients, and our firm, receives around five fraudulent letters in the post, and weve stopped counting the number of phishing scam emails we receive on a daily basis. Overall, this new wave of phishing is becoming a large drain on productivity.

More of these attempts are coming in the door due to a transparency drive that has pushed information about businesses online. Companies House now displays company addresses, filing status and business directors for free. Fraudsters use this data to target business owners with requests for information and payments that seem specific to their company.

Just recently we had a letter come in regarding our trademark application, information of which can be found on a government site, requesting that we pay a fee by a certain date or have our application revoked. Although we identified this as a phishing scam, the fact that criminals can now use your business? personal information against you is highly alarming.

Fraudulent email sent to Pandle regarding its trademark application

Pandle_phising letter (1) (2) copy 2

But don’t just expect phoney communication from those posing as government agencies. We also recently received a notice from a legitimate company requesting payment for a photo that we used on our website, flagging a copyright breach. We knew that the photo in question was used fairly and that the attempt was unfounded, but it came as a surprise to see that it’s not just individuals behind these phishing scam attempts, companies are too.

As were an accounting practice, we also have fraudulent attempts aimed toward gaining our HMRC portal login codes so that criminals can target our clients. Weve had to step up our security awareness measures to combat this.

Overall, these scammers are giving British businesses a problem each could do without. Business owners should be spending their time focusing on their operations rather than trying to figure out if they owe money to a government body or not. This said, there are steps that you can take to reduce your chance of falling victim.

Avoid email links

If an email asks for information regarding your taxes or finances, you can assume an ulterior motive is at play. Rather than clicking on the link in the email, manually type in the URL.

don’t give in to an electronic request

Instead of paying via the form you’re guided to, go to HMRC’s website and check amounts owed and pay there.

Ask a professional


 
TAGS:

From the top