Search Menu
StaffNet Wellbeing Support

Beware Tax Season Phishing

Beware Tax Season Phishing

Cyber criminals are very good at exploiting seasonal events and current affairs to lend legitimacy to their scams. This can include parcel delivery scams around the festive season, or fake donation requests following natural disasters.

As we approach the end of the financial year, many businesses and individuals have recently submitted their tax returns and are making plans for the following year.

Emotions can run high when finances are involved, which presents an opportunity for criminals to trick unsuspecting victims into providing sensitive information, transferring funds, or downloading malware onto their devices.

What to look out for:

  • Potentially the most common premise for criminals to exploit is to send emails impersonating HMRC. These emails may create a sense of panic by stating there was an issue with a tax return and state that more money is owed in taxes.

The email will often go on to claim that non-payment can lead to fines or criminal prosecution. The perpetrators will be hoping that the recipients will panic and act quickly to resolve the perceived issue without stopping to verify the email.

  • Another approach is to create a sense of elation by claiming that the email recipient has overpaid on their self-assessment and is owed tax back. The email will request the recipient to click a link to claim their refund. This approach is effective where the goal is not direct financial theft, but rather the theft of information, credentials or to deploy malware.
  • Threat actors can also impersonate accounting firms or solicitors claiming to be acting on your behalf or on behalf of HMRC.

How you can help prevent an attack:

  • Trust no one!
    • Be particularly wary if the sender tries to create a sense of urgency, even if the email is from an authority figure.
    • If something seems too good to be true, it probably is.
  •  Report phishing:
    • If you receive a suspicious email, report it immediately by clicking the “Report Phishing” button in Outlook. The Information Security team check every report. Report Phishing button in Outlook
    • You can find detailed instructions on our webpages
  • Report any suspected compromise immediately:
    • This will help us prevent the situation escalating further.

For further guidance, see our previous news bulletins on Phishing, Social Engineering, Malware, and Passwords.

Search News

Browse by Month

2024

  1. Jan
  2. Feb
  3. Mar
  4. Apr
  5. May There are no items to show for May 2024
  6. Jun There are no items to show for June 2024
  7. Jul There are no items to show for July 2024
  8. Aug There are no items to show for August 2024
  9. Sep There are no items to show for September 2024
  10. Oct There are no items to show for October 2024
  11. Nov There are no items to show for November 2024
  12. Dec There are no items to show for December 2024

2013

  1. Jan There are no items to show for January 2013
  2. Feb There are no items to show for February 2013
  3. Mar
  4. Apr
  5. May
  6. Jun
  7. Jul
  8. Aug
  9. Sep
  10. Oct
  11. Nov
  12. Dec