UK government-backed cybersecurity awareness body Get Safe Online has warned users of an increase in tax-themed phishing scams ahead of HMRC’s 31 January tax return deadline.
Spoofing emails so that they appear to come from either HMRC or related government agencies has been a popular tactic amongst online scammers hoping to trick users into giving away financial and other information.
Other phishing emails might contain a malicious link or malware hidden in an innocuous looking attachment. Once clicked or opened, this could download ransomware, information-stealing malware or some kind of spyware.
Another increasingly popular scheme is to persuade taxpayers to use copycat websites instead of the official HMRC page. These fake sites charge high fees for services which are either free or provided at low cost by the government.
The deadline for self-assessment tax returns is 31 January, while the deadline for tax credit renewals is 31 July – with phishers ramping up their activity in the weeks before both, Get Safe Online said.
Nearly 25,000 phishing emails were reported to HMRC and 611 scam websites shut down in the run up to the last tax credit renewal deadline, according to Get Safe Online CEO, Tony Neate.
“Taxpayers need to be on high alert for any suspicious emails or texts that trick them into sharing personal or payment information or which make them pay for a service which, through the official government, should be free,” he warned in a statement.
“HMRC will never inform you about a tax rebate or penalty over email or text, so if you do receive emails asking for personal information, report them immediately to make sure you don’t fall victim.”
Get Safe Online also urged the public not to open any attachments that might come with such emails and to scrutinize the sender’s email address to check it has come from a trusted source.