Scammers continue to worry – or raise the hopes – of business owners with fraudulent emails claiming to be from HMRC or high street banks. You may be able to spot the hoaxers. But can your staff?
Banking irregularities
The tortuous spelling and punctuation. The whacky grammar. And if you don’t bank with Halifax then this email (received at Just Payroll Services only this morning) is unlikely to worry you too much:
Dear Customer,
We detected irregular activity on your Internet Banking Account.
For your protection, you must verify this activity before you can continue using your account.
Please download the document attached to this email to review your account activity.
We will review the activity on your account with you and upon verification,
We will remove any restrictions placed on your account.
If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend to verify your account in that time.
Note: If you received this e-mail in your BULK/SPAM section please add to your address book costumer@halifax
Thank you, Customer Support Service.
© Copyright Halifax Bank Holdings PLC 2012 – All rights reserved
Yet attempts to deceive account holders into revealing their details are becoming ever more sophisticated and devious. Many emails are already more convincing than the example above, carrying bank logos, replicating fonts and choosing language that feels more compelling.
Are you certain you couldn’t be deceived? Are you similarly certain about the people who hold your business’ account details?
Due a tax refund?
If they’re not mailing you pretending to be your bank, they’re posing as HMRC. Although the message is different – this time they say they’re trying to give you money – the goal is the same: to access your bank account details. The CIPP website reports that messages similar to the one below are being sent to business owners.
Tax Refund Confirmation After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of 468.50 GBP. Please submit the tax refund request and click here by having your tax refund sent to your bank account in due time
Please Click “Get Started” to have your tax refund sent to your bank account, your tax refund will be sent to your bank account in due time take your time to go through the bank we have on our list
Get Started
Note : A refund can be delayed a variety of reasons, for example submitting invalid records or applying after deadline.
Sincerely Security Service Team
HMRC’s position is clear. It states:
“We only ever contact customers who are due a tax refund in writing by post. We currently don’t use telephone calls, emails or external companies in these circumstances. If anyone receives an email claiming to be from HMRC, please send it to phishing@hmrc.gsi.gov.uk before deleting it permanently.”
Spread the word
If your organisation has a number of people with access to account details it’s important they all have the same understanding of how to spot a scam, and how to act when they do.
Publish security warnings to those who may need to see them, and repeat the message regularly to protect against complacency.
Above all, ensure all relevant staff understand that neither the banks nor HMRC ever ask for account details to be entered online. That way, no matter how sophisticated they get, your accounts will remain strictly off-limits to scammers.