David Emm, principal security researcher at Kaspersky Lab
At this time of year, the number of tax scams reaches a high, with fraudsters looking for any chance to cash in on consumers, the self-employed or small businesses who might be excited about potential refunds. Many people now do their taxes online, and cybercriminals are seeing this as a huge opportunity for phishing schemes. Take the recent HMRC email scam which sends fake e-mails asking the recipient to create a “government gateway account” to access information about their tax refunds, and subsequently requests personal banking details.
What’s more, recent ONS figures show that online fraud is now the most common crime in the UK, with almost one in 10 people falling victim. But whilst online fraud is growing, there are various types of scams which can take place, and it’s important for consumers and businesses alike to be aware of what to look out for. This includes:
- Phishing emails – The attempt to entice you into providing sensitive information by pretending to be a legitimate organisation (e.g. HMRC).
- Phone calls – Fraudsters may trick people into giving out information over the phone, which could then be used either to access your account directly or to send you credible-looking phishing e-mails.
- App and messaging – A fraudulent app could access information without you realising and upload it to fraudsters.
We would recommend the following top tips on staying safe when managing your tax affairs this year:
- Give yourself plenty of time to file your tax return to lessen the risk that you will respond to a scam message
- Don’t trust advice about how to get a refund unless it comes from a tax professional or source that you trust – if in doubt, always double-check
- Don’t assume a bank or government agency would have access to your tax details. They will not have granular information about your tax return. Even if it looks legitimate, check over the details first and if in doubt, contact the apparent source of the information using publicly available contact information (not details from the communication you’re trying to verify)
- If using a mobile app to file your tax return, make sure you have mobile Internet security and that it’s up-to-date. Also make sure you review permissions requested by any app before accepting them
- Do not click on attachments or links in messages that look suspicious or that you have received from unknown people. They could be malicious.
- Do not enter your credit card details on unfamiliar or suspicious sites, to avoid the risk of passing them on to cybercriminals. Fake sites can be made to look just like the legitimate site that they’re trying to spoof.
- t’s always best to type in a URL yourself and you should always check that there’s a secure connection between you and the site – look for ‘https’ at the start of the address bar
- Install a security solution on your device, with built-in technologies designed to prevent financial fraud. For example, the Safe Money feature in Kaspersky Lab solutions creates a secure environment for financial transactions