New HMRC SMS Phishing Scam Targets Self-Employed Workers.

Cyber-criminals have launched a new phishing scam designed to steal personal and financial details of self-employed workers using the Self-Employment Income Support Scheme (SEISS) during the COVID-19 outbreak.

HMRC phishing scam

The scam was uncovered by litigation company Griffin Law and begins with a text message sent to self-employed workers offering a tax rebate purporting to be from HMRC. This is in the wake of chancellor Rishi Sunak’s recent announcement of an extension to the SEISS.

According to Griffin Law, the text message informs victims that they are eligible for a tax refund and redirects them to a bogus website which leads to a realistic copy of the official HMRC site. Users are then met with a form which asks them to enter their email address, postcode and HMRC log-in details, before a fake refund amount is calculated.

From there, victims are taken to another page and asked to enter personal information including card number, name on card, account number, security code and expiry date.

Griffin Law estimates that around 100 self-employed workers have so far reported the scam to their accountants and business networks.

Commenting on the news, cyber-expert Chris Ross, SVP, Barracuda Networks, said: “This is the latest in a series of sophisticated HMRC-branded phishing scams designed to target vulnerable workers during the COVID-19 outbreak. We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data.”

Andy Harcup, VP, Absolute Software, added: “The scam uses official government branding, logos and layouts, including a disclaimer about the site using cookies to fool users into thinking this is a legitimate way to reclaim money. It is vital that users remain vigilant to such attacks, checking the origin and legitimacy of sites before handing over confidential financial data. It’s also critical that companies ensure they have the necessary cybersecurity systems in place to protect against malicious communications across all workplace laptops and devices, to keep hackers at bay.”

We’re Team Metalogic

We’re Team Metalogic, an IT support provider offering outsourced managed services to SME’s across the UK. With a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Our stress-free solutions don’t complicate things, in fact, they improve efficiency and save money.

Share this page

Service Desk Engineer Joshua James completes his CompTIA Network+ certification

Joshua joined the team last year as Service Desk Engineer and since joining us he’s gone from strength to strength within the company. At Team Metalogic we are committed to helping our colleagues grow and develop in order to excel in their careers, and Joshua is no exception. 

Find out more

What is HIPAA?

HIPAA is short for the Health Insurance Portability and Accountability Act. It’s a federal law in the US, creating national standards for protecting sensitive patient health information.

Find out more

10 steps to cyber security

Protecting your data is crucial: any data lost or attacked compromises you and your organisation. Cyber security is the practice of defending your IT and telecommunications from any malicious attacks.

Find out more

What is passwordless authentication and is it right for your organisation?

Passwordless authentication is any way in which a user’s identity can be verified without the need for a password.

Find out more

Wondering if we have the right solution for you?

We’d love to talk

Request a call back

We use cookies to personalise and enhance your experience on our site and improve the delivery of ads to you. Visit our Cookie Policy to learn more. By clicking 'accept', you agree to our use of cookies.