GOV.UK Logo with hacker in the middle of the O

Phishing alert – Hackers use HMRC and GOV.UK as lures in recent COVID-19 phishing campaigns

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

A recent bout of phishing campaigns sees hackers masquerading as government websites in order to steal victims’ personal information.

Social engineers often hide behind guises of authoritative organisations, and in a recent spate of global phishing campaigns, numerous large government organisations and trusted NGOs find themselves with duplicated domains leading to fake websites.

This increase in phishing efforts during the COVID-19 lockdown has led to a marked rise in the necessity for effective security awareness training. As we explored in a previous post, user knowledge is still the most potent defence against phishing emails and should be strengthened as much as possible.

The focus is currently on credential theft, with hackers creating multiple fake landing pages mimicking trusted sites such as the WHO, CDC, and the UK’s HMRC, along with other sections of GOV.UK (the last two pictured below).

Phishing page mimicking an hmrc tax relief page

Fake HMRC landing page

Phishing page appearing to be a Westminster city council billing page

Fake GOV.UK page, mimicking a Westminster council billing page

Without a strong knowledge and understanding of how to spot phishing attacks, users face an unprecedented cyber security threat during lockdown and we urge all readers to educate their staff to the dangers of online threats.

At Phishing Tackle, we have created several free tools to start your journey into cyber awareness. The most popular tool is our Free Click-Prone® Test, which reveals your organisation’s susceptibility to falling for a phishing attack.

Take the initiative, educate your users, don’t become a victim to cyber criminals.