Scammers are sending out fake emails pretending to be HMRC, and small businesses are falling into their traps.
For many small businesses, cyber security isn’t a priority, but one of the biggest misconceptions is that hackers only target bigger businesses.
Unfortunately, very few cyberattacks are targeted - hackers tend to throw a wide net and see what they can capture. And they see small businesses as low hanging fruit because they’re less likely to have security as strong as bigger companies.
For this reason, small businesses are often the worst hit by cyber attacks and are vulnerable to losing valuable data, suffering both financial and reputational damage.
Each year, thousands of taxpayers are targeted by criminals who send not only emails, but texts and even messages over social media pretending to be HMRC. While these may seem genuine at first glance, there are a number of ways to tell the real ones from the fakes. Here are five things you should look out for:
These can be tricky to spot, as fraudsters often use addresses that look official at first glance, containing words like Revenue, HMRC and gov.
The trick to spotting whether the address is real or not is to hover over the ‘from’ address. The actual link the text leads to will not end in @hmrc.gov.uk (which all official emails from HMRC will).
If you’re unsure about the email, forward it to HMRC’s phishing team at [email protected] and they’ll be able to provide you with guidance.
If you get an email from HMRC offering you a tax rebate or repayment, it's almost certainly a scam. Emails from HMRC will never offer you any repayment, tell you about a tax rebate or ask you to send personal information (such as an address or bank details).
If the promise of large tax rebates are the carrot, demands for urgent action are the stick. Fraudsters will often try to scare you into complying by telling you that you need to do as they ask quickly, or face the consequences.
Emails that use phrases like ‘you only have three days to respond’ or ‘urgent action required’ are likely to be scams, so don’t fall for the scare tactics and contact HMRC if you’re unsure.
Any emails that contain links to a web page or have an attachment should be treated suspiciously. The links may go to a site that looks like the real HMRC homepage, but will ask you to input personal information so they can steal it.
Similarly, don’t open any attachments that you aren’t expecting. These could contain viruses that will give scammers a backdoor into your computer and allow them to make off with personal information on you, as well as your clients or customers.
Be wary of emails that start ‘Dear Sir/Madam’, ‘Dear customer’ or simply ‘Hello’, rather than your name, as they’re highly likely to be fraudulant.
Emails from HMRC will address you by your name - and they’ll include information on how to report scam emails further down.
We create this content for general information purposes and it should not be taken as advice. Always take professional advice. Read our full disclaimer
25 May 2017 • 5-minute read
Less than two weeks ago there was a global cyber attack, affecting organisations from FedEx to the NHS. More than 200,000 computers were…
17 May 2018 • 4-minute read
You should think twice before acting on messages left by the tax service, as HMRC reveals it received 84,549 reports of fraudulent tax…
6th Floor99 Gresham StreetLondonEC2V 7NG
Sol House29 St Katherine's StreetNorthamptonNN1 2QZ
© Copyright 2020 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.