By David Owens
Hawsons Chartered Accountants
SCAM text messages claiming to be from HMRC, promising such things as cash rebates and refunds, are mostly being successfully intercepted before they reach people’s phones, according to HM Revenue and Customs.
In April 2017, HMRC launched a new project using technology that identifies fraudulent text messages that suggest they are from HMRC, and prevents them from being delivered to the phones of the unsuspecting public. Since they started the project, there has reportedly been a 90 per cent reduction in customer reports of this specific type of fake HMRC-related messages. However, scammers are still out there, and they are still trying to steal information.
Although, considering that on average, just one in every 11 people can spot scams accurately, fraudsters are still able to claim to be from HMRC, make false claims to recipients, and engage in identify theft within seconds.
The messages in question will say they are from HMRC, instead of showing you a mobile number, to make them appear legitimate. They may claim that you are due a tax rebate, and feature a link that encourages you to sign in. By opening this link, you are often taken to a website that harvests your personal information, or spreads malware to your device. It can also result in the theft of people’s savings.
HMRC are reminding people that they will never inform customers that they are due a tax rebate through email or text – it will always be through written correspondence.
While HMRC seem to be running an effective campaign, it’s another story elsewhere. Deals, coupons and various other useful materials are often sent to customers through email and text, and with such sensitive information on phones, you need to be extra vigilant.
So, how do you spot a scam?
Last year, the UK lost £2m a day as a result of fraud, so here are some top tips to keep you protected.
Suspicious Text Messages
* Be wary, be vigilant: if a link in a text message asks you to verify or update your account details, don’t click it. Log into the main site and check through there.
* Use a contact number you know, or can double check: if a message asks you to get in touch with your bank etc, then only call a number you know will be genuine – i.e. the number on the back of your bank card.
* Be aware of what your bank would and would not ask you: remember that a genuine text from your bank will never ask you to transfer money to a different account, or ask for your four-digit PIN.
Cold Calls
* Don’t assume that the person who has called your phone, or left you a voicemail message is the person they say they are.
* If a phone call or a voicemail offers you a deal, asks you to make a payment, or log into an online account, be cautious.
* If you call a number back, try to use a different line, as some scammers will keep the line open on their end to trick you.
* Check the call is genuine by asking for the company details that the caller claims to be from, and then calling them through your own means. Never call numbers or follow links provided in emails that don’t feel genuine. Instead, find the official website or customer support number.
Emails to be wary of
* Official looking emails with multiple spelling errors are often a tell-tale sign of a fraudulent email.
* Don’t respond to emails that ask you to click on a link and provide personal information.
* A genuine email from a service you subscribe to will only ever address you by your name at the beginning – ‘Dear customer’ should immediately raise your suspicions.
* Do not reply, click on any of the links, or open attachments that arrive with an email you aren’t expecting to receive.
* Hover over URLs to see if the link they are heading to matches the context of the email.
Dangerous websites
* Make sure you’re protected. Before you start your online shop, install anti-virus software or a firewall. This helps block any suspicious content.
* Always check the URL. Only use secure websites for purchases – those with https: at the start. Also look for the icon of a locked padlock at the bottom of the screen.
* Is the deal too good to be true? If something appears to be too good to be true, then it probably is.
* Only shop with companies you know and trust. Watch out for fake websites, check the URL, and check websites like TrustPilot to read reviews of other customers’ experiences.
How can you protect yourself & your business?
Training, training and more training is the best way to ensure that those in your business are prepared for any potential threats. This is even more vital if you or your employees have any sensitive or confidential information on their phones or computers regarding clients or customers, particularly in light of data protection requirements.
Our IT experts at Hawsons Chartered Accountants are more than happy to advise.
Get in touch with David Owens at Hawsons Chartered Accountants on 01604 645600 or by email at