Cofense Detects HMRC #COVID19 Tax Relief Scam

I get quite a few emails from HMRC. I now use my accountant to filter out what is real and what I actually need to pay attention to. He doesn’t (yet) realise that I’m using him as an anti-phishing filter…:

The Cofense Phishing Defense Center (PDC) has observed a new email-based phishing scam that aims to harvest Her Majesties Revenue and Customs (HMRC) credentials and sensitive personal information by preying on UK workers who are expecting COVID-19 tax relief grants.

According to Cofense, the threat actors use a legitimate-looking email address ([email protected]) with the impersonated organization in the name and set the name to match (HM Revenue & Customs). They also use the somewhat poorly written subject line of “Helping you during this covid from government.”

Receivers of the email are presented with a notification that the government is offering between £2500 and £7500 in tax grants for those whose ability to work has been affected by the health crisis.

Jake Longden from Cofense PDC explained: “The email includes a link to check their [users’] eligibility. With the government publicly and repeatedly mentioning such sums, the email is believable to inattentive users. The attacker also mentions the ‘Open Government Licence v3.0,’ a legitimate copyright licence used by the Government and Crown Services, to provide additional credibility.”

Once the link is clicked, the user is presented with a realistic clone of the GOV.UK website and asked to enter personal and sensitive data.

[…]

Original article here