Hackers Ramp up with New Tax Scams Headed Our Way

  • By Dawna M. Roberts
  • Feb 19, 2021

As the United States stands at the cusp of tax season, Americans should brace themselves for even more malicious yet highly believable tax scams making the rounds now in the U.K. The U.K. files their taxes on January 31st, so most residents have already filed but many are getting these scams delivered as SMS.

What is Happening?

U.K. residents are receiving text messages that say they come from Her Majesty’s Revenue and Customs (HMRC), the U.K.’s version of an Internal Revenue Service (IRS).

Using a technique called “smishing,” scammers are sending messages claiming that the recipient has received a “tax rebate of $xxx.xx for an overpayment in year 2019/2020 and to click here to proceed.” The link looks very convincing and even references the HMRC.

Sophos security research firm claims that the website the link takes visitors to is “annoyingly believable” with details like a coronavirus message at the top, authentic terminology, and they even spelled “organisation” with an “s” instead of a “z.”

Although when you look closer, you see the text on the page devolves into spelling errors, misconfigured sentences, and is clearly not a government resource. Not to mention that the .com URL gives it away as fake. All government URLs in the U.K. end with .GOV.UK.

Another glaring difference is that the real HMRC tax website forces users to log in first, and the fake one does not. Additionally, the HMRC website uses two-factor authentication to ensure that only the real user logs in using those credentials.

The Finer Details of the Scam

Upon landing on the fraudulent tax page, users are first asked to select whether they are individuals or entities. They are then asked for a lot of personal information such as name, date of birth, home address, phone number, mother’s maiden name, and national insurance number (which is like our SSN). That page alone exposes the site as a scam because no legitimate tax entity is going to ask for all that information to discuss a tax overpayment with you.

If a user were to enter all that data and continue, the next section then asks for credit card details, including the CVV code on the back of the card. Oddly enough, you aren’t paying for a product or service, so most users should question why they are being asked for this information. The page uses a vaguely worded threat about “tax penalties,” warning the user to enter the data correctly. If the user has gotten that far, the final nail in the identity theft coffin is the page that asks for your banking details (bank account number and sort code). That amount of information would be pretty much a treasure trove to any identity thief or hacker.

Finally, after collecting all the personality identifiable information (PII), the website shows a confirmation page warning that it may take up to 10-14 days while they “verify the information” before receiving your refund. As a final coup de grace, the page wipes out your browser cookies and redirects you to the legitimate government website making it impossible to trace.

How Taxpayers Can Stay Safe This Year

Before this tool is rebranded and used here in the U.S., taxpayers can arm themselves with the knowledge of how to stay safe and avoid these types of scams.

  • The IRS will never text or email you. 
  • Do not click any links in emails or SMS messages from anyone you do not know, even if it “appears” legitimate.
  • Never give out personal information (especially as much as this website asked for) online or to someone you don’t know.
  • Be diligent in checking URLs before visiting websites. Watch for .gov in URLS for any federal or state-level websites.

Use common sense, and if anyone promises you money that you didn’t expect or if something sounds too good to be true, it probably is a scam.


About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

BMO Bank Loses Customer Data in Recent Data Breach Attack

BMO Bank Loses Customer Data in Recent Data Breach Attack

BMO Bank is the 8th largest bank in the United States, employing over 12,000 individuals. The bank manages more than $3 Billion in annual reserves and works with a huge number of customers as it has over 1,000 physical locations across the country.

Lakeland Community College in Ohio Suffered a Major Data Breach

Lakeland Community College in Ohio Suffered a Major Data Breach

Lakeland Community College is a public school located in Lake County, Ohio. The school serves approximately 8,700 students at one time and provides over 135 different associate degrees and technical certificates.

Delta Dental of California is Another Victim in the String of MOVEit Data Breaches

Delta Dental of California is Another Victim in the String of MOVEit Data Breaches

Delta Dental of California is a major dental insurance provider throughout one of the largest states in the US. The company is well-known for offering PPO dental insurance policies and other varieties of dental insurance options.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address