Fraudsters go after taxpayers in new VAT scam

A cyber security expert has warned about a new breed of “phishing” emails, designed to trick taxpayers into downloading malicious software.

Security specialist Trustwave, which published the report, found that the scammers behind the emails had also registered a domain name similar to HM Revenue & Customs’ (HMRC) own.

The phishing emails appear to come from HMRC, but in fact contain a link to dangerous ‘JRAT’ malware.

The fake emails may have the subject header ‘VAT return query’, while the body claims that urgent action is needed and tells the recipient to take it by clicking on a link or downloading an attachment.

If you receive this email, or something similar, do not click on the link or download the attachment. HMRC will never ask you to complete a form via email. If in doubt, visit the HMRC website directly or contact your accountant – he or she will know if HMRC has made a genuine attempt to contact you.

Dr Fahim Abbasi, senior security researcher at Trustwave, said: “We have witnessed an increase in phishing campaigns using Microsoft services such as SharePoint (a web-based collaborative platform) and OneDrive (a file sharing service). We assume that the scammers route their malware leveraging reputable cloud services like Microsoft to evade detection by various security defences. Users need to be particularly careful since such scams are quite active during tax return season.”

HMRC publishes guidance on phishing and scams.