Phishing Scam Promises £400 Council Tax Cut

Email users are being warned not to fall for yet another COVID-related lure after warnings of a new phishing campaign, this time promising the recipient a government-funded tax cut.

The email appears to come from the ‘Government Digital Service Team’ and claims to offer a rebate of nearly £400, according to think tank Parliament Street.

“You are getting a Council Tax Reduction (this used to be called Council Tax Benefit) considering you’re on a low income or get benefits,” the email begins.

“Total amount of benefits: GBP 385.50. The refunded amount will be transferred directly on your Debit/Credit card. Apply now to claim the reductions made over your past two years of Council Tax payments.”

However, the refund amount stated in the subject header is apparently £385.55, just one of several mistakes that would indicate to a suspicious recipient that this may be a scam.

Parliament Street said it had evidence the message had been delivered to hundreds of inboxes.

“Since the start of COVID-19, the cyber-threats facing adults in the UK has surged, and this latest attack is one of many which have been designed to prey on individuals’ vulnerability and fear during this trying time,” argued Absolute Software VP, Andy Harcup.

Stav Pischits, CEO of Cynance, added that it’s relatively easy for cyber-criminals to copy government-branding and text from official websites in order to create scam emails.

“All too often, weary workers who are struggling with the financial impact of the COVID-19 outbreak will jump at the chance for a discount or refund like this,” he argued.

“Anyone receiving an email like this should also double check the source address of the sender and carefully examine the communication for typos and errors, often associated with online scams. Failure to do so could put the financial and personal data of the individual and their employer at risk.”

Although there has been a notable increase in COVID-19 scam emails over the first half of the year, overall cybercrime is not up, according to Microsoft and others.

What’s Hot on Infosecurity Magazine?