Cyber criminals are running a new phishing scam designed to steal personal and financial details of self-employed workers, using the government’s coronavirus support scheme.
The scam, uncovered by litigation specialists Griffin Law, sends a text message to those using the Self-Employment Income Support Scheme (SEISS) offering a tax rebate purporting to be from HM Revenue & Customs.
Victims are directed to a realistic copy of the HMRC government website and asked to provide their email address, postcode and HMRC log-in details, as well as key financial details, including their card number, name on card, account number, security code and expiry date.
It is the latest in a series of HMRC-branded phishing scams designed to target people during the Covid-19 outbreak and follows Chancellor Sunak’s announcement that SEISS will be extended.
Chris Rose, SVP, Barracuda Networks, said: “We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data.
“Tackling this growing threat requires businesses to have the necessary security systems in place to identify suspicious emails and texts, as well as warning employees to remain vigilant against requests for private information from unverified sites and URLs, often sent to their phone. All it takes is one mistake and cyber criminals could get hold of the full details of a company debit card and bank account, causing serious problems for business owners in a particularly tough time.”
Andy Harcup, VP, Absolute Software, commented: “It’s no surprise that hackers are trying to cash-in on the Covid-19 outbreak, with increasingly opportunistic and sophisticated phishing scams framed around HMRC support programmes.
“This particular scheme is designed to trick unsuspecting self-employed workers into claiming a tax refund, at a time when many people are struggling to make ends meet. It is vital that users remain vigilant to such attacks, checking the origin and legitimacy of sites before handing over confidential financial data. It’s also critical that companies ensure they have the necessary cyber security systems in place to protect against malicious communications across all workplace laptops and devices, to keep hackers at bay.”
