Scammers are sending out fake emails pretending to be HMRC, and small businesses are falling into their traps.
For many small businesses, cyber security isn’t a priority, but one of the biggest misconceptions is that hackers only target bigger businesses.
- Ransomware protection: everything small businesses and sole traders need to know
- GDPR for small businesses
- Mac vs PC for business: which should I choose?
- What does business insurance cover?
Unfortunately, very few cyberattacks are targeted - hackers tend to throw a wide net and see what they can capture. And they see small businesses as low hanging fruit because they’re less likely to have security as strong as bigger companies.
For this reason, small businesses are often the worst hit by cyber attacks and are vulnerable to losing valuable data, suffering both financial and reputational damage.
Each year, thousands of taxpayers are targeted by criminals who send not only emails, but texts and even messages over social media pretending to be HMRC. While these may seem genuine at first glance, there are a number of ways to tell the real ones from the fakes. Here are five things you should look out for:
1. Fake email addresses
These can be tricky to spot, as fraudsters often use addresses that look official at first glance, containing words like Revenue, HMRC and gov.
The trick to spotting whether the address is real or not is to hover over the ‘from’ address. The actual link the text leads to will not end in @hmrc.gov.uk (which all official emails from HMRC will).
If you’re unsure about the email, forward it to HMRC’s phishing team at firstname.lastname@example.org and they’ll be able to provide you with guidance.
2. Offering a tax rebate
If you get an email from HMRC offering you a tax rebate or repayment, it’s almost certainly a scam. Emails from HMRC will never offer you any repayment, tell you about a tax rebate or ask you to send personal information (such as an address or bank details).
3. Demanding immediate action
If the promise of large tax rebates are the carrot, demands for urgent action are the stick. Fraudsters will often try to scare you into complying by telling you that you need to do as they ask quickly, or face the consequences.
Emails that use phrases like ‘you only have three days to respond’ or ‘urgent action required’ are likely to be scams, so don’t fall for the scare tactics and contact HMRC if you’re unsure.
4. Bogus links and dodgy attachments
Any emails that contain links to a web page or have an attachment should be treated suspiciously. The links may go to a site that looks like the real HMRC homepage, but will ask you to input personal information so they can steal it.
Similarly, don’t open any attachments that you aren’t expecting. These could contain viruses that will give scammers a backdoor into your computer and allow them to make off with personal information on you, as well as your clients or customers.
5. Generic greetings
Be wary of emails that start ‘Dear Sir/Madam’, ‘Dear customer’ or simply ‘Hello’, rather than your name, as they’re highly likely to be fraudulant.
Emails from HMRC will address you by your name - and they’ll include information on how to report scam emails further down.