Not surprisingly, given the opportunities and likelihood of being caught, a lot of crime is moving online. The latest crime statistics report that £190k is lost by UK citizens each day. It is increasingly common for clients to ask us whether certain emails, especially those purporting to be from HMRC, are real, so we devote this month’s blog to looking at common phishing tactics and some tips to avoid being a victim of cyber crime.
The basic technique in email phishing is to make the email look credible enough to get the recipient to provide confidential information. Usually there is a fake carrot or stick to motivate you to take the bait.
You should be aware that fraudsters are getting very sophisticated at making an email look credible. If your supplier has not been careful with their email security, a hacker may have access to their email account. In that case you may be asked to make future payments into a different bank account.
Also be aware that email addresses can be spoofed, which means that the ‘From’ field in the email does not show the address that actually sent the email and has been replaced with a more credible email address.
In particular, fraudsters have become very good at faking HMRC emails. Generally you will be offered a tax rebate, which then leads to a request for bank information so that the refund can be effected. Other examples include fraudsters asking for funds so that goods being held in customs will be released.
HMRC has provided us with examples of bogus emails and communications. HMRC also gives guidance on distinguishing between genuine and fake communication. HMRC will never email to offer rebates or refunds or to ask for any personal information.
Common telephone phishing scams include:
- Calls purporting to be from your bank asking you to update personal information or reset a password. In the background, fake websites will probably have been set up to look and feel like your bank.
- Calls pretending to be from an IT company such as Microsoft telling you to protect your computer with a download which will ultimately harvest data.
- Calls pretending to be from HMRC about rebates or refunds.
- Calls pretending to be from HMRC or some other authority threatening a fine unless a payment is made.
As with email spoofing, it is possible to make the number that appears on your phone look like a legitimate trusted number.
And the rest
Although email and telephone phishing are still the most common, social media, WhatsApp and text are also increasingly used for phishing.
Here are our tips for spotting and avoiding phishing:
- Do not click any links in emails or open any attachments unless you are sure you trust the sender
- Check email addresses
- Check website addresses
- Beware of anyone asking for personal information out of the blue
- Beware of anyone pressing for an urgent payment
- Beware of any refunds or rebates that are unexpected
- Train your staff
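The ‘Check email addresses’ tip and the spoofed ‘From’ field described above can be tested against a message's raw headers. The Python below is an added example, not part of the original blog: the sample message, its domains and the function names are constructed for illustration, and it assumes the Authentication-Results header was written by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email): the visible From looks official,
# but the envelope sender and Reply-To point to unrelated domains.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=hmrc.example
From: "HMRC Refunds" <refunds@hmrc.example>
Reply-To: claims@refund-desk.example.com
To: client@example.org
Subject: Your tax rebate is ready

Please confirm your bank details to receive your refund.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message):
    """Return a list of warnings about the claimed sender of raw_message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    if not from_dom:
        warnings.append("From header has no usable address")
    # Exact-match comparison is a simplification: a mismatch is a reason to
    # look closer, not proof of fraud (bulk mailers often differ legitimately).
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and other != from_dom:
            warnings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Only trust results stamped by your own receiving server (assumption here).
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        verdict = m.group(1) if m else "missing"
        if verdict != "pass":
            warnings.append(f"{mech} result is {verdict}")
    return warnings

if __name__ == "__main__":
    for w in check_sender(SAMPLE):
        print("WARNING:", w)
```

Note that SPF passes in the sample even though the message is spoofed, because SPF checks the envelope sender rather than the ‘From’ address the reader sees; the DMARC failure is what exposes the mismatch.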