User clicking an HMRC phishing email while hacker is lowering fishing rod behind computer

Hackers target UK business owners using Coronavirus Job Retention Scheme phishing emails masquerading as HMRC

Social engineers masquerading as the UK’s HMRC are playing on fears and uncertainty surrounding the corornavirus pandemic with fake job retention scheme advice emails.

A phishing email targeting UK business owners applying for the government’s Coronavirus Job Retention Scheme is being reported by multiple organisations across the country.

The email, originally reported by the Lanop Accountancy Group, uses official HMRC branding to entice victims into clicking the “complete claim” link and giving up their bank details.

The fake HMRC email (credit: Lanop Accountancy Group)

This is another example of hackers attempting to capitalise on the general confusion surrounding the coronavirus pandemic.

In reality, users with only a very basic level of security awareness training should be able to spot the errors on the email.

These errors include the sender’s email address being entirely unrelated to HMRC, the several grammatical errors and the URL leading to a non-HMRC domain.

The text is pasted below in its entirety;

Dear Customer,

We wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. We are now writing to tell you how to access the Covid-19 relief.

Information you will need before you make a claim [cut from image]

  • you will need to tell your us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you.


You should retain all records and calculations in respect of your claims.

We continue to wish you all the best at this challenging time.

Yours sincerely

Jim Harra

First Permanent Secretary and Chief Executive HMRC”

Emails asking for bank details should always be treated with extreme caution and for those without regular training in how to spot phishing emails, these can be extremely damaging attacks.

So far, the email has been spotted and reported to Lanop by over 50 business owners, prompting a response from Managing Partner Aurangzaib Chawla.

“We’re calling upon all businesses to think twice before handing over bank details and making bank transfers in response to email requests during this crisis. Cyber crime is rising rapidly and this is the first of what we expect to be many scam emails, designed to trick unsuspecting owners into handing over private company data. We are also offering free advice about how to tackle these scams and reporting any suspicious activity direct to HMRC.”

Aurangzaib Chawla – Managing Partner, Lanop Accountancy Group

At Phishing Tackle, we have seen a marked increase in phishing attacks during the pandemic. This places home workers, where cyber-security policies are often less well-practised, at a severe disadvantage.

We urge all business owners and decision-makers to use this time to test and train your users as hackers step up their scamming efforts.

Understanding that the journey to cyber awareness starts with a single step, we’ve created a (free) first step tool which reveals how many users are susceptible to falling for a phishing attack. We call this your “click-prone rate“.

Take a look at our Free Click-Prone® Test and find out how vulnerable your home workers are before bad actors find out for you.

Recent posts