We’ve recently heard from several of our clients telling us that they’ve received calls and emails from scammers pretending to be HMRC. Thankfully, our clients get straight in touch with us to check the authenticity of this communication and we’ve been able to advise them. However, for many small businesses cyber security simply isn’t a priority and it’s a big misconception that hackers only target larger businesses.
Unfortunately, very few cyberattacks are targeted – hackers tend to throw a wide net and see what they can capture. And they see small businesses as low hanging fruit because they’re less likely to have security as strong as bigger companies.
For this reason, small businesses are often the worst hit by cyber attacks and are vulnerable to losing valuable data, suffering both financial and reputational damage.
Each year, thousands of taxpayers are targeted by criminals who send not only emails, but texts and even messages over social media pretending to be HMRC. While these may seem genuine at first glance, there are a number of ways to tell the real ones from the fakes. Here are five things you should look out for:
1. Fake email addresses
These can be tricky to spot, as fraudsters often use addresses that look official at first glance, containing words like Revenue, HMRC and gov. The trick to spotting whether the address is real or not is to hover over the ‘from’ address. The actual link the text leads to will not end in @hmrc.gov.uk (which all official emails from HMRC will). If you’re unsure about the email, forward it to HMRC’s phishing team at email@example.com and they’ll be able to provide you with guidance.
2. Offering a tax rebate
If you get an email from HMRC offering you a tax rebate or repayment, it’s almost certainly a scam. Emails from HMRC will never offer you any repayment, tell you about a tax rebate or ask you to send personal information (such as an address or bank details).
3. Demanding immediate action
If the promise of large tax rebates are the carrot, demands for urgent action are the stick. Fraudsters will often try to scare you into complying by telling you that you need to do as they ask quickly, or face the consequences. Emails that use phrases like ‘you only have three days to respond’ or ‘urgent action required’ are likely to be scams, so don’t fall for the scare tactics and contact HMRC if you’re unsure.
4. Bogus links and dodgy attachments
Any emails that contain links to a web page or have an attachment should be treated suspiciously. The links may go to a site that looks like the real HMRC homepage, but will ask you to input personal information so they can steal it. Similarly, don’t open any attachments that you aren’t expecting. These could contain viruses that will give scammers a backdoor into your computer and allow them to make off with personal information on you, as well as your clients or customers.
5. Generic greetings
Be wary of emails that start ‘Dear Sir/Madam’, ‘Dear customer’ or simply ‘Hello’, rather than your name, as they’re highly likely to be fraudulant. Emails from HMRC will address you by your name – and they’ll include information on how to report scam emails further down.
If you need further help or have questions about HMRC, accounts or bookkeeping, we’d be happy to help. Perhaps we can help organise your accounts with a free month of Xero?
Thanks for stopping by,