Covid-19 phishing scams targeted by HMRC takedown operation

HMRC has taken down nearly 300 Covid-19 phishing scam sites in the last few weeks according to new data. The Inland Revenue has been asking Internet Service Providers (ISPs) to remove nearly 300 web addresses since the national lockdown commenced on March 23.

According to figures collated by legal firm Griffin Law under the Freedom of Information Act, of the 292 sites that have been removed some 237 were identified by HMRC.

Meanwhile, the remaining 55 have been highlighted by members of the public using the dedicated reporting inbox, which can be contacted via [email protected].. The phishing scams are a combination of emails and text messages, with the majority coming from mobile phone sources.

Since March, HMRC has also reported that it has discovered 62 active phishing scams to date, all of which have related to the Covid-19 pandemic and arrive via SMS.

Additional threats

A widely-reported phishing email scam has already been used to target business owners applying for the government’s Coronavirus Job Retention Scheme. The message has been sent to business owners using official HMRC branding and purports to be from ‘Jim Harra, First Permanent Secretary and Chief Executive of HMRC’.

The email asks for the bank account details of the recipient and includes the following message with typos. “Dear customer, We wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. We are now writing to tell you how to access the Covid-19 relief. You will need to tell your us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you.”

Cyber security expert Chris Ross, SVP, Barracuda Networks said of the scam: “We’re seeing a sharp rise in phishing emails relating to the Covid-19 outbreak and this example underlines how hackers will prey upon vulnerable business owners who are trying to protect jobs.

As always with these scams, the victim is encouraged to disclose personal data and financial information under the false assumption that the email is legitimate. It is absolutely vital that businesses have the cyber security systems in place to identify and quarantine phishing emails and ensure that every employee is properly trained to spot suspicious communication and think twice before giving out personal information.”


Source Article