Fraudsters have come up with a new phishing scam designed to steal personal and financial details of millions of self-employed workers using the government’s coronavirus support scheme.
The scam, uncovered by Griffin Law, purports to be from HM Revenue and Customs and sends a text message to individuals using the government’s Self-Employment Income Support Scheme (Seiss) offering a tax rebate.
It comes after self-employed people were targeted by HMRC impersonators offering a lump sum payment under the support scheme in March.
The latest text message informs the victim they are eligible for a tax refund and directs them to a website named “https://hmrefund.com”, which then leads to an “incredibly realistic” copy of the HMRC government site., the firm said.
A form on the site then asks for the individual’s email address, postcode and HMRC log-in details.
The form calculates a fake refund amount, which when tested by Griffin Law totalled £217.17.
However, the pound sign appears after, rather than before, the figure which made individuals who reported the scam wary.
The next page shows an online form asking key personal information from the victim, including their card number, name, account number, security code and expiry date.
Screenshots of the scam taken by Griffin Law:
Griffin Law said around 100 self-employed workers have so far reported the scam to its accountants and business networks.
The scam comes after chancellor Rishi Sunak announced an extension of the scheme, which has so far received 2.3m claims worth £6.8bn.
An HMRC spokesperson said the tax office has detected 98 Covid-related financial scams since March, most by text message and has asked internet service providers to take down more than 100 web pages associated with these scam campaigns.
They said: “Criminals are taking advantage of the package of measures announced by the government to support people and businesses affected by coronavirus.
"Criminals text, email or phone taxpayers offering spurious financial support or tax refunds, sometimes threatening them with arrest if they don’t immediately pay fictitious tax owed.
“Several of the scams mimic government messages such as ‘Protect the NHS. Stay home. Save lives’, as a way of appearing authentic and unthreatening.
“If someone emails, texts or calls claiming to be from HMRC, saying that you can claim financial help or are owed a tax refund, and asks for personal or bank details, it might be a scam."
Chris Ross, senior vice president at cyber security firm Barracuda Networks, said: “This is the latest in a series of sophisticated HMRC-branded phishing scams designed to target vulnerable workers during the Covid-19 outbreak.
“We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data.”
Andy Harcup, vice president of Absolute Software, said: “This particular scheme is designed to trick unsuspecting self-employed workers into claiming a tax refund, at a time when many people are struggling to make ends meet.