Business owners have been warned of an HMRC Retention Scheme email scam attempting to deceive businesses into handing over private company data.
According to Lanop Accountancy Group, cyber criminals are using the scam to exploit business owners who may be seeking to make a claim through the government’s Coronavirus Job Retention Scheme, which allows employers to claims for their employees’ wages.
Lanop Accountancy Group said the email purports to be from Jim Harra, chief executive of HMRC, and asks for businesses to supply their UK bank account details so that the grant can be paid. The tell-tale signs were spelling mistakes in the letter and the fact that the send address was from @ncryptedprojects.com, despite its user title being ‘HM Revenue & Customs’.
This latest scam comes as research from cyber security company Barracuda Networks suggested that Coronavirus-related phishing emails have risen by 667% since the start of March. The scams include fraudulent communication impersonating the World Health Organisation and the NHS.
Aurangzaib Chawla, managing partner, Lanop Accountancy Group, said: “We’re calling upon all businesses to think twice before handing over bank details and making bank transfers in response to email requests during this crisis. Cyber crime is rising rapidly and this is the first of what we expect to be many scam emails, designed to trick unsuspecting owners into handing over private company data. We are also offering free advice about how to tackle these scams and reporting any suspicious activity direct to HMRC.”
Chris Ross, SVP, Barracuda Networks, added: “We’re seeing a sharp rise in phishing emails relating to the Covid-19 outbreak and this example underlines how hackers will prey upon vulnerable business owners who are trying to protect jobs.
“As always with these scams, the victim is encouraged to disclose personal data and financial information under the false assumption that the email is legitimate. It is absolutely vital that businesses have the cyber security systems in place to identify and quarantine phishing emails and ensure that every employee is properly trained to spot suspicious communication and think twice before giving out personal information.”
