Cifas Homepage
NewsroomCareersContact Us

Phishing scams target HMRC grant recipients

23 April 2020

Phishing scams target HMRC

In response to the COVID-19 pandemic HMRC has released a full range of business support measures available to UK businesses in these unprecedented times. With the Job Retention Scheme going live on Monday, £6.11bn has already been paid out to around 491,725 business properties, which is approximately half of the grant funding allocated (49.58%).

It’s vital during these times that businesses can spot a fraud attempt as fraudsters have been preying upon concerned business owners who are trying to protect their livelihoods and jobs. Fraudsters always tend to focus in on the most highly searched terms and topics, targeting those in a place of stress or panic. Using the COVID-19 pandemic to their advantage is a no brainer for a fraudster.

We have seen all different types of scams, ranging from vishing calls, door to door scams, WhatsApp and text scams, but most the common (especially to target businesses) comes in the form of phishing emails.

One specific phishing email scam going around involves fraudsters using official HMRC branding and purporting to be “Jim Harra, First Permanent Secretary and Chief Executive of HMRC”, using the subject line ‘HM Revenue & Customs’. The email asks for the bank account details of the recipient “to ensure funds are paid as quickly as possible”. This particular phishing email was sent by the address, which if spotted would hopefully raise some major red flags.

A lot of these emails contain clever wording, look professional and are not as easy to identify as they once were.

We spoke to Graydon, a leading provider of business credit information and data intelligence who offered that they, “are hearing about the use of the Covid 19 crisis in general and the HMRC Job Retention Scheme in particular to launch phishing attacks. Such attacks are designed to trick unwary businesses or individuals into revealing details of bank accounts which are then open to being plundered.”

Graydon urges, “Companies to beware of unsolicited emails, texts or phone calls that are requesting financial details or other sensitive information and claim to come from the HMRC or similar authorities.”

When applying for a grant it is vital to keep all information as confidential as possible and be sure about who you’re sending information to. If you receive an email that looks to be from the government or a local authority, stop, be suspicious, #takefive and think critically. Many local authorities will send confirmation via a letter in the post, and so email communication should sound an internal alarm. Not every local authority is handling the situation identically so it is worth confirming with them directly.

Never respond to a suspicious email if you are not sure, and never click a link. Try to use email preview or document preview capabilities where possible as that can help spot and prevent dangerous malware from being download to your device.

Recent research has discovered that there has been a 600% rise in the number of phishing emails delivered worldwide using Coronavirus-related themes targeting individuals and businesses. In March alone we saw over 60,000 domains shoot up out of nowhere containing the phrase of coronavirus. Although some of these will be legitimate sites, we know that the vast majority are domains used for online fraud, malware distribution, or obvious scams, peddling vaccines and supplements.

Thankfully Google has begun work to reduce malicious domains and emails by eliminating 18 million daily malware and phishing emails related to COVID-19. But that does not mean we stop staying vigilant on what to look out for. Be suspicious if:

  • Communication is out of the blue (cold call)
  • Email address or subject line seems ‘phishy’
  • Message contains spelling or grammatical errors
  • Asks for additional personal or financial details through a link
  • Pressure for quick action

If you are a business and looking for more information about the different grants and schemes head over to the official webpage for businesses.

Make sure to check our dedicated Coronavirus advice webpage for home workers, businesses and self-isolators. This page includes a daily ‘What’s new’ update from our intelligence team outlining coronavirus related scams and fraud threats.

Posted by: Amber Burridge

Amber is the Head of Fraud Intelligence at Cifas.


Businesses – it’s time to step-up the fight against the fraud pandemic

30 April 2020

Fraud is clearly mutating as fraudsters are now taking advantage of the opportunities created by the current anxiety over Covid-19 and the new working conditions for most of the population.


Coronavirus: managing internal fraud in a pandemic

16 April 2020

In these extraordinary times many organisations are in uncharted waters and coming to terms with their new day-to-day. It's important employers stay mindful of how employees are coping and are aware of potential internal fraud risks.

Back to blog home >
Posted by: Amber Burridge

Amber is the Head of Fraud Intelligence at Cifas.