Kaspersky Comment: Phishing emails imitating HMRC to exploit the Coronavirus Job
October 2020 by Kaspersky
Kaspersky experts have recently found examples of phishing emails imitating HMRC to exploit the Coronavirus Job Retention Scheme. Should you be writing any pieces on this, please feel free to use the quote below from David Emm, Principal Security Researcher at Kaspersky.
David Emm, principal security researcher at Kaspersky, said,
“Kaspersky experts are seeing continued high rates of dangerous phishing scams in the form of fake HMRC emails that exploit the Coronavirus Job Retention Scheme. Researchers have uncovered hundreds of emails imitating HMRC, which ask people to provide their personal data in order to receive payments. It serves as a great reminder that during this ongoing crisis, cybercriminals are always on the lookout for topical issues that they can exploit to trick the unwary into installing malware or disclosing personal information that can be used to access their online accounts. As a result of the COVID-19 pandemic, many people have been left in need of financial support, and cybercriminals are using this to catch individuals off guard by sending out phishing emails in an attempt to steal personal information. To avoid mistaking a scam for a real offer of assistance, Kaspersky recommends the following:
• Apply for government support only on official websites. Do not follow links in e-mails, and do not open attachments. Instead, type the URL of the relevant agency into the browser, and check there if you’re entitled to compensation.
• Pay attention to the sender’s address: If it looks like gibberish or the domain belongs to a free webmail service, it is hardly likely to be from a government body.
• Pay attention to how the message is written and how the website looks. Civil servants usually do not send out messages full of typos and strings of exclamation points. Also be wary if the e-mail mentions long lines of applicants or tight deadlines.
• A demand to pay an up-front fee to get the process started (or for any other reason) is another sure sign of fraud. Bona fide government departments and banks do not require this. If there really is a commission to pay, a real organisation will simply deduct it from the amount that you are due.
• Follow the governmental guidance, which also includes examples of HMRC-related phishing emails: https://www.gov.uk/government/publi...