April is a month for many things – the customary April showers to Fool’s Day and the start of the new tax year.

The start of the 2021/22 tax year, though, has brought with it a spate of phishing campaigns from criminals desperate to take advantage of the general public and earn themselves a payday of thousands of pounds.

One of a whole range phishing campaigns that the public have been bombarded by is a very genuine-looking HMRC communication. Usually a phone call but sometimes an email or a text message, the communication uses social engineering tactics to prompt the recipient to click through to a live operator. Social engineering is a tactic used by criminals to try and urge a victim to complete an action as soon as possible.

The recent scam tells the victim that they have filled out their tax returns fraudulently and face a large fine and/or prison time if they do not proceed to the next step.

This type of action is very believable at this time of year, and so criminals have been finding much success. Once through to a real person, the victim is advised they must pay a fee to resolve the situation and avoid going to jail.

Worse still, the caller ID for the scam is usually one with a Greater London area code, giving the impression that the call is legitimate and from HMRC themselves.

Even more worryingly though, scammers have recently been spoofing phone numbers relating to the Royal Courts of Justice around similar ‘tax fraud’ schemes – the advice from the RCJ is that they, ‘will not call or email you about a tax matter.’

Outside of the phone calls, email and text messages usually look something like the below examples of phishing campaigns. Again, these communications can be very convincing, often using the same tone as official HMRC directives as well as official logos and enticing language such as, ‘you are owed £250 by HMRC, click here to receive it’.  

Most phishing emails often contain links to spoofed pages, designed to look like an official HMRC webpage, which might ask the victim for their personal details, and even bank card information. It could be that this information is ‘needed’ for a refund of some kind, but before they know it, the victim has handed their most sensitive information over to cyber criminals.  

Neuways’ advice is to always be wary of communications that feature emotive, pressing language that requires ‘immediate action’. It should also be noted that HMRC ‘never send email notifications about tax rebates or refunds’, and the display name or email address can always be changed by scammers, to seem legitimate. 

Always go through the official channels if you are concerned about your tax status. If you receive an errant email purporting to be from HMRC, go directly to them, not through a phone number or web link sent via a potential phishing email, and attempt to clarify the situation. 

If you or anyone you know is personally affected by one of these tax scams, contact HMRC as soon as possible, to make them aware and avoid any long-lasting damage.

If your business experiences any of the above attacks, it is time to get in touch with a Managed Service Provider, such as Neuways. Call us on 01283 753333 or email hello@neuways.com to find out how we can help safeguard your business.