July 31st is the deadline to file a tax credits renewal with HMRC or pay the second instalment of income tax. The danger now, says Trusteer, is that tax credit filers will click on unsolicited emails that look as though they might have been sent by HMRC, and in doing so, may end up infecting their home or office computers.
“Back in February we warned online banking users of phishing and malware infections stemming from emails offering Internet users a tax refund. And given that such phishing emails are twice as successful as bank phishing attacks, cybercriminals have realised that an email with HMRC in its message header is a lot more attractive to recipients,” said Mickey Boodaei, Trusteer’s CEO.
It’s likely that hackers will exploit this interest in tax credits and tax refunds generally, with a rash of infected emails and/or messages with links to infected Web sites.
Tax credit and HMRC refunds dangle free cash at Internet users, and persuades them to lower their normal credulity guard. Then, when they see a choice of bank sites from the “HMRC landing page” they click on the link and immediately start entering their bank and other personal details.
The net result of this is not a credit to the recipient’s bank account, but usually a fraudulent debit – or series of debits – that empty the account by cyber-criminals.
When Internet users receive what appears to be a tax credit or similar HMRC cash giveaway – or any deal that looks very tempting – the first thing they should do is fire up a search engine and look for reports of a possible scam.
The rate of HMRC phishing attacks stays fairly constant for most of the year, but that deadlines such as the end of July Tax Credits filing target tend to trigger a surge in HMRC-related phishing emails.
It’s important that Internet users realize that around one in three financial phishing attacks in the UK is targeting HMRC. To counter this, users should avoid clicking on links within emails.