Hundreds of consumers have received fraudulent messages from scammers seeking to capitalise on fears over the spread of coronavirus, a cyber security specialist has warned.
As the number of infections continues to rise in the UK, fraudsters have adapted phishing emails in an attempt to lure the vulnerable with the promise of a tax refund from HM Revenue & Customs.
Researchers at Mimecast, an online security company, have recorded hundreds of texts or emails containing a link that directs recipients to a fake website bearing an HMRC logo. The website claims that as a precaution against Covid-19, the government has established a new tax refund programme for dealing with the coronavirus outbreak.
According to the fraudulent website, the precaution measure was established “in cooperation with National Insurance and National Health Services” and enables the recipient to receive a tax rebate.
The website encourages victims to share their name, address, phone number, mother’s maiden name and bank card number — details that would equip a fraudster with enough information to access a victim’s bank account or purchase a financial product in their name.
“Traditional and already-known attacks are often modified to incorporate current geopolitical events that are taking place in an attempt to lure the vulnerable to click on links in emails or texts,” said Mimecast. “This certainly isn’t the first time we have seen [this], as it has also been observed during the Australian wildfires and even Brexit.”
HMRC said such scams often target the elderly, using a well-known brand to dress up their claims.
“If someone emails or calls you claiming to be from HMRC saying that you are owed a tax refund, and asks you to click on a link or to give information such as your name, credit card or bank details, it’s a scam,” said HMRC.
“[Fraudsters] use a range of techniques, including emailing or phoning taxpayers and offering a bogus tax refund, or threatening them with arrest if they don’t immediately pay tax owed.”
The tax authority said consumers should refrain from giving out private information, replying to text messages, downloading attachments or clicking on links in emails that arrive unexpectedly. Consumers who receive suspect messages can compare them with examples published on the government’s web pages.
“With panic around the virus continuing to increase, we can expect to see even more attempts by cybercriminals to trick vulnerable people,” said Francis Gaffney, director of threat intelligence at Mimecast.
“It is vital that the public do not respond to any electronic communication in relation to monies via email and certainly do not click on any links in any related message,” he added.
Mr Gaffney added that the growth in homeworking following the spread of coronavirus had heightened the risk of cyber attacks.
“Keeping a remote workforce secure requires a lot of preparation from organisations. It means following best cyber security practices and ensuring good cyberhygiene,” he said.
Last week, Action Fraud revealed that it had received 21 reports of fraud related to coronavirus, with total losses amounting to over £800,000.