It’s that time of year when UK citizens are preoccupied with tax returns (due on 31 Jan) and social engineers are capitalising on it.
The beginning of the new year marks the joyous time where many Brits must inform Her Majesty’s Revenue and Customs (HMRC) of their earnings so they can be relieved of the appropriate taxes. Unfortunately, several active phishing campaigns have been separating people from their personal and financial details under the guise of HMRC.
As with many scam emails, it claims the recipients are entitled to some money. A tax refund in this case, often quoting the specific sum of £550.44, providing a link to a website for the students/victims to input their personal details.
Should they fall for it, the victims have instead simply given their details away to the malicious actors behind the campaign, which could be used in any number of nefarious ways.
“Along with other universities, Cambridge was recently targeted by tax-related scam emails. As soon as the threat was highlighted the University worked to cascade warnings and advice, via email, to colleges, tutors, students and staff .”Spokesperson – Cambridge University
Newer students face the greatest risk as they have had the least amount of regular Security Awareness Training, offered to all students by the university.
“The best protection is student awareness. If an email looks too good to be true, then it is probably a scam.”
HMRC has written to all British Universities this term highlighting the threat of scam emails.
Multiple law enforcement agencies and cyber security organisations have tweeted, warning both students and business owners over false HMRC emails. Some offer refunds, others claim to be warnings or threats over self-assessment deadlines, but they all fall under the same category: Phishing.
The most effective form of user protection when it comes to phishing scams is still education.
Those who know how to spot phishing emails are at a significantly lower risk of falling victim to malicious email campaigns.
At Phishing Tackle, we urge all our readers to educate their users on the dangers of phishing attacks. They are your first and last line of defence.