If you’ve not yet received an email or other communication from what you initially think to be a trusted source, only to realise that it is in fact a scammer with nefarious intentions, then you’ve been very lucky.
One of the staff members here at Larsen Howie recently received a text message from their bank, as often happens. They clicked on the link and were directed to a website where they were told to put in their pin code and password. Only due to the slightly different interface, and we mean slightly, did they realise something wasn’t right and didn’t proceed.
Just to be safe, they called their bank, and were told they hadn’t tried to contact them, and that they should be super aware of scams similar to the one just described. The bank said that criminals behind such acts are using increasingly sophisticated methods that are getting trickier to spot. Our staff member was just a few mindless steps from revealing their bank details, and certainly had a lucky escape.
Now this might seem just general good advice – and it is, so keep an eye out! But a new scam is targeting contractors and other self-employed workers, as the supposed sender is HMRC.
Of course it’s not HMRC themselves. It’s someone in their back bedroom looking for your details, and using HMRC as a guise.
IT specialists Trustware have shed some light on the scam, which sees unfortunate recipients get a fallacious e-mail message that ostensibly comes from a HMRC support service domain.
The email contains a link to what claims to be a VAT return document, but in fact contains malicious JRAT malware.
Now we won’t claim to be experts on such topics as malware, but suffice it to say you don’t want to have to encounter it.
According to Trustware, things to look out for include the email header, which will read something like: HMRC Business Help and Support Email <[email protected]>. The subject line will likely be VAT Return Query. Did you notice the 'i' in the middle of HMRC in that email address... didn't think so...!
A statement from Trustware reads: ‘These cybercriminals are well aware of online processes and dependence of online mechanisms used by both public and private sector organisations and use this information to gain a victim’s trust. They are also aware of various deadlines such as those used by governments for tax returns and use this information to instill a sense of urgency.’
So as always, be very aware with what you download and open, and keep an eye out for anything that doesn’t seem right. But pay particular attention to anything you might receive from HMRC. As a contractor, it’s vital to get things right with this organisation, but do not blindly follow every instruction you might receive from them – it might not be them at all!