HMRC phishing scam targets passport information

A phishing scam designed to steal personal and financial information from self-employed workers is now trying to capture passport information from victims.

Details explain how people are informed via SMS that they may be eligible for a tax refund. They are then redirected to a fake web page that looks like the official HMRC site. The recent addition to this scam includes requesting passport information as part of a ‘verification’ process.

HMRC will never send notifications of a tax rebate or ask that personal or payment information, including passport information, be disclosed by email or text message.

Spotting scam messages and phone calls is becoming increasingly difficult as they get more and more advanced. However, there are some tricks that criminals will use to try and get you to respond without thinking. Below are some things to look out for:

• Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people to trick you into doing what they want.

 

• Are you told you have a limited time to respond? (‘Please respond immediately’) Criminals often threaten you to respond quickly by saying there will be consequences such as fines

 

• Does the message make you panic or curious? Criminals often use threatening language, or make you want to find out more.

 

• Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year to make their scam seem more relevant to you. (Just like the number or Coronavirus scams)

 

These scams show us how sophisticated these scams are becoming, the fact that attackers are putting this level of effort into making a good scam email and landing site shows that they work at least some of the time.

At Cyber Wise we offer several training courses tailored around the most popular forms of attacks and perform simulated phishing attacks that will test your employee’s skills on spotting phishing emails.

If you would like to see examples of popular phishing emails Cyber Wise has a phishing gallery where we showcase some of the phishing emails our employees have received, these are real-world examples of what attackers will do to try and get your personal information. Each phishing email is also annotated to tell you the tell-tale signs of these false emails. If you would like to read our phishing gallery, click here.