#COVID19 HMRC Phishing Scams Persist, Begin Targeting Passport Details

Fraudsters are continuing to exploit self-employed people with advancements in already-established COVID-related HMRC phishing scams.

Uncovered by Griffin Law, the latest variation of this attack is now targeting the passport details of self-employed people, along with other information including personal and bank details.

According to Griffin Law, the scam begins with a text message purporting to be from HMRC informing the recipient they are due a tax refund which can be applied for online via an official looking site that uses HMRC branding and is entitled “Coronavirus (COVID-19) guidance and support.”

The bogus site then asks for several pieces of the user’s sensitive information before also requesting their passport number as ‘verification’ – a new aspect of the scam previously discovered by Griffin Law.

So far, Griffin Law has ascertained that around 80 self-employed London-based workers have reported receiving this scam to their respective accountant.

Stav Pischits, CEO of Cynance, said: “The COVID-19 crisis has triggered a sharp rise in phishing attacks targeting businesses and individuals with realistic scams promising financial support and purporting to be from HMRC.

“All it takes is a single employee to accidentally hand over confidential company information, such as bank account details, a username or password for a potentially catastrophic data breach to occur.”

It’s therefore vital that all companies invest in improving cybersecurity procedures, particularly with millions of employees working remotely for the foreseeable future, he added.

Chris Ross, SVP, Barracuda Networks, warned that cyber-criminals will continue to exploit any situation to harvest financial data from individuals and see the national emergency as the perfect opportunity to fool vulnerable victims into handing over personal information.

“Security awareness is key within the workforce, and it’s vital that all employees are trained about how these schemes operate as well as how SMS can be exploited as part of a wider phishing scheme.”

What’s Hot on Infosecurity Magazine?