TT146: Online Fraud – please stay alert!

February 22, 2010

We have seen several cases of attempted phishing by fraudsters against clients. These have all, so far, taken the form of an unsolicited email which states that there is some sort of bank account problem, under-reported income or fraud in your tax affairs, and that you need to log in to provide security details.

Sometimes such phishing attempts have targeted the users of a particular bank or online service. Such versions of phishing have been termed “spear phishing”. Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses (with email addresses usually harvested from company websites), and the term “whaling” has been coined for these kinds of attacks. This naming convention is all very witty, until someone becomes a victim.

Recently the emails we have seen have all purported to come from HM Revenue & Customs (“HMRC”).

Please note that it is unlikely that HMRC will ever contact you by email. This might change in the future, but if in doubt do not respond to such emails or provide security details.

Key things to watch out for are:

  • Unexpected emails – keep being sceptical about all emails, but especially those you did not expect.
  • Beware the email address the email came from! It is very easy to alias the sender’s address to look like a recognisable person.
  • Beware the email address you are asked to reply to – if it is a different address from the sender’s then it might be that the sender has something to hide.
  • Unprofessional layout – many of these emails look very poor and do not look like they have come from a credible company. However, it is not hard to copy an email from a bank or HMRC so expect to see the sophistication of such fraud attempts improve.
  • Spelling – surprisingly many of the fraud attempts contain spelling mistakes. Again, this will improve.
  • Odd URLs – if you look at the web link you are asked to click on, it often starts with a reasonable looking address (e.g. online.hmrc.gov.uk), but then carries on to reveal the remainder of the address, which is an obscure reference, sometimes on a website in another jurisdiction. Beware false websites, as some can be easily copied and mimicked.
  • Security updates – be aware that a lot of very common software has security flaws. Until recently Microsoft Internet Explorer allowed web addresses to be aliased, such that the site you thought you were on was not the correct one, i.e. the dodgy internet web addresses did not appear. Ensure you are fully up to date with security patches.
  • And finally, keep being sceptical.
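Two of the checks in the list above, the reply-to address and the odd URL, can also be automated by whoever filters your mail. The sketch below is an added example, not part of the original article: the sample message is constructed, the `.example` hosts are placeholders, and treating `hmrc.gov.uk` as the expected domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "hmrc.gov.uk"  # domain the reader expects to see (assumption)

# Constructed sample: the From line is aliased to look genuine, as the article warns.
SAMPLE = """\
From: "HM Revenue & Customs" <refunds@hmrc.gov.uk>
Reply-To: claims@mailbox.example
Subject: Tax refund notification

Please log in at http://online.hmrc.gov.uk.secure-login.example/refund to confirm.
General guidance is at https://www.hmrc.gov.uk/index.htm
"""

def domain_of(header_value):
    """Return the lower-cased domain part of an address header ('' if none)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def belongs_to(host, domain):
    """True only if host is the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return a list of warnings for one plain-text email."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg.get("From", ""))
    reply = domain_of(msg.get("Reply-To", ""))
    # Replies routed to a different domain than the apparent sender.
    if reply and reply != sender:
        findings.append(f"reply-to domain {reply} differs from sender {sender}")
    # Links whose host merely starts with, or contains, the trusted name.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = (urlsplit(url).hostname or "").lower()
        if TRUSTED in host and not belongs_to(host, TRUSTED):
            findings.append(f"link host {host} only looks like {TRUSTED}")
    return findings

if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print("WARNING:", warning)
```

The point of `belongs_to` is that a web address is owned by whoever controls its right-hand end, so a host that begins with `online.hmrc.gov.uk` but ends in something else is not an HMRC site.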

Now whilst you are reading this, I don’t suppose you could send me your bank account details and online password, and an up front fee so I could send you a large commission from a late East African dictator’s Swiss bank account could you? Ah, I thought not. You see, you’re learning already!
