Hackers and cyber scammers are taking advantage of the Coronavirus (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick recipients into clicking on malicious links or opening attachments.
These actions can reveal your user name and password, which can be used to steal money or sensitive information.
Last week, the National Cyber Security Centre (NCSC), a part of Government Communications Headquarters, launched a cross-Governmental ‘Cyber Aware’ campaign, which offers actionable advice for people to protect passwords, accounts and devices. This includes specific advice for personal and professional use of video conferencing services, with tips on setting up accounts, arranging a chat and protecting your device, as well as a ‘Suspicious Email Reporting Service’ to make it easier for people to forward suspicious emails to the NCSC – including those claiming to offer services related to Coronavirus.
As the details of Government COVID-19 packages for businesses and employees continue to be rolled out, opportunists are sending scam communications pretending to be from HM Revenue & Customs (HMRC) and offering financial support.
- Within minutes of the UK Government’s furlough scheme going live, it was targeted by opportunistic hackers impersonating HMRC and inviting recipients to make a claim through what looked like an HMRC furlough claim website
- Another example is a phishing campaign pretending to be from HMRC, telling customers they can claim a tax refund to help protect themselves from the coronavirus outbreak.
- HMRC also refers to a text scam that asks recipients to call a phone number to appeal against a fine for leaving their house more than once.
- Then there is an email purporting to be from “Jim Harra, First Permanent Secretary and Chief Executive of HMRC,” inviting recipients to make a financial claim under the genuine UK government’s Coronavirus Job Retention Scheme.
- Direct phishing messages are also being sent to customers through WhatsApp and on social media. For example, a recent scam was identified on Twitter offering a tax refund.
Adding to the NCSC content, HMRC has sent out its own email highlighting these scams and warning: “If someone gets in touch claiming to be from HMRC, saying that financial help can be claimed or that a tax refund is owed, and asks you to click on a link or to give information, such as your name, credit card or bank details, please do not respond.”
HMRC confirms that they will never send notifications by email about tax rebates or refunds and asks that recipients do not:
– visit the website
– open any attachments
– disclose any personal or payment information
“Fraudsters may spoof a genuine email address or change the ‘display name’ to make it appear genuine,” HMRC says. “If you are unsure, forward it to us and then delete it.”
To help HMRC’s investigations they ask that you report full details of any potential scams by email to: firstname.lastname@example.org.
If you have any concerns relating to this matter, contact your usual Beavis Morgan Partner who will gladly assist.
Examples of phishing emails and bogus website are as follows (Source: gov.uk):