Cybercriminals Are Using HMRC Tax Refund Process to Scam Taxpayers

As cyberattacks are becoming more and more commonplace, fraudsters have found a wide range of targets, from multinational companies to private individuals. As people are becoming increasingly aware of the dangers of scamming and are beginning to pay more attention to their online communications, cybercriminals are launching phishing campaigns where they pose as reputable institutions like banks or government agencies in an attempt to defraud people.

Fraudsters Use HMRC Tax Refund Process to Launch Phishing Campaign

According to ActionFraud, the UK’s National Fraud and Cyber Crime Reporting Centre, criminals in the latest scam campaign are using HM Revenue and Customs details when approaching victims, in a bid to earn their trust. As ActionFraud reports, in March 2018 alone, HMRC received 84,549 reports of phishing incidents and identified 2,672 fake websites that it requested be taken down. As the tax year ended in April and HMRC is currently processing tax returns, fraudsters have seized the opportunity to send out fake emails and text messages in which they pose as HMRC and ask potential victims to click on links, allegedly to settle some issue with the agency. Instead of the HMRC website, the fraudulent link takes victims to fake websites where they are lured into providing their banking credentials, giving the cybercriminals unauthorised access.


How Does Phishing Work?
Phishing attacks are among the most popular types of attacks for hackers, with spear phishing being the most sophisticated and dangerous version. Phishing is a type of social engineering attack where the cybercriminal poses as a trusted third party and tricks the victim into clicking on a malicious link. The victim is then duped into revealing sensitive information, or even gets hit with malware that is installed on their network after clicking on the link. Spear phishing attacks are unique in that they are more targeted than usual phishing campaigns. Regular phishing involves sending fraudulent emails from generally trusted sources to as many people as possible, counting on a low response rate – such as the Netflix scam emails that were sent out a couple of months ago. By contrast, spear phishing emails are more personalised and appear to come from sources closer to the potential victim – such as an employer or your bank. Therefore, they are more likely to be perceived as genuine by the recipient.

England and Wales: Online Fraud Most Widespread Crime

Online fraud is the most widespread type of crime in England and Wales, costing the public an estimated £10 billion – but only 20% of cases are reported to the police. According to the Public Accounts Committee, who penned the report, there were 2 million cyber-related fraud incidents in 2016 alone in England and Wales. ActionFraud also warned on May 18, 2018 of another phishing campaign, in which fraudsters are taking advantage of the GDPR implementation deadline to send out fake NatWest emails. These emails urge clients to “update their records” in view of GDPR compliance, unless they want their account “terminated” – a scam to get them to provide sensitive personal and financial details.


According to ActionFraud, the Financial Secretary to the Treasury Minister warned against the HMRC scam emails and noted that all communication with HMRC is conducted only through the post or through the pay coming from an employer. All forms of electronic communication should be considered suspicious and reported to HMRC.