Covid-19 phishing scams targeted by HMRC takedown operation

HMRC asks ISPs to remove phishing addresses

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

HMRC has taken down nearly 300 Covid-19phishingscam sites in the last few weeks according to new data. The Inland Revenue has been askingInternet Service Providers(ISPs) to remove nearly 300 web addresses since the national lockdown commenced on March 23.

According to figures collated by legal firmGriffin Lawunder the Freedom of Information Act, of the 292 sites that have been removed some 237 were identified by HMRC.

Meanwhile, the remaining 55 have been highlighted by members of the public using the dedicated reporting inbox, which can be contacted via phishing@hmrc.gov.uk.. The phishing scams are a combination of emails and text messages, with the majority coming frommobile phonesources.

Additional threats

Since March, HMRC has also reported that it has discovered 62 active phishing scams to date, all of which have related to the Covid-19 pandemic and arrive via SMS.

A widely-reportedphishing email scamhas already been used to target business owners applying for the government’s Coronavirus Job Retention Scheme. The message has been sent tobusiness ownersusing official HMRC branding and purports to be from ‘Jim Harra, First Permanent Secretary and Chief Executive of HMRC’.

The email asks for the bank account details of the recipient and includes the following message with typos. “Dear customer, We wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. We are now writing to tell you how to access the Covid-19 relief. You will need to tell your us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you.”

Cyber security expert Chris Ross, SVP, Barracuda Networks said of the scam: “We’re seeing a sharp rise inphishing emailsrelating to the Covid-19 outbreak and this example underlines how hackers will prey upon vulnerable business owners who are trying to protect jobs.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

As always with thesescams, the victim is encouraged to disclose personal data and financial information under the false assumption that the email is legitimate. It is absolutely vital that businesses have the cyber security systems in place to identify and quarantine phishing emails and ensure that every employee is properly trained to spot suspicious communication and think twice before giving out personal information.”

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he’s been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom’s Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he’s not working he’s usually out and about on one of numerous e-bikes in his collection.

Nokia confirms data breach leaked third-party code, but its data is safe

Rising AI threats are making firms turn back to human intelligence

Black Friday is here: Sony XM5 over-ears drop to their lowest-seen price – act fast!