Cyber Criminals Exploit Tax Season To Launch Email Attacks

Despite working in an industry that avoids paying tax contributions themselves, cyber criminals are actively exploiting the fact that the Western world is navigating through the end of the tax year by creating a range of fraudulent email scams pertaining to be from UK, US and Canadian Revenue services. 

According to the cyber security firm Proofpoint, that first spotted the emails, law firms and employees within them have been advised to be extra vigilant as an increase in emails from spoofed and HMRC domains are on the increase. 

HM Revenue and Customs have already become one of the most copied websites and organisations in the UK. Now, cyber criminals are using convincing social engineering techniques, like using the victims full name and convincing domains to steal sensitive data from unsuspecting businesses and individuals. 

It is important to note that official government correspondence will always try to approach a person in writing, via post, if they require any further action with a tax matter. Therefore, however legitimate they may look, any emails or phone calls that represent a first point of contact with HMRC will almost certainly be an attempted scam. 

According to a recent government report – Cyber Security Breaches Report 2019 – 27% of UK businesses are actively training their staff to avoid data breaches by spotting the warning signs and obvious red flags. Whilst this was a 7% increase on the previous year, it highlights an area of development that could leave many law firms and businesses vulnerable to human error.  

When any attachments are clicked in these fraudulent emails, cyber criminals are frequently using malware or ransomware to corrupt, delete and steal sensitive data that could have severe reputational and financial consequences. It is advised that any links are not clicked in all circumstances. 

A spokesperson from Proofpoint, commented: “Taxpayers can view their tax account information online and confirm any money owed there. 

“If you do need to speak with the representative via phone, you can call them using the phone number listed on the official website. 

“As a best practice, individuals should freeze their credit files to ensure that any information that may be leaked cannot be used to establish credit in their names.” 

How robust is the training your employees receive in regards to the dangers of cyber security? 

Rate this article:

Join the Discussion

Your email address will not be published. Required fields are marked *