Less than 24 hours after the government’s Coronavirus Job Retention Scheme opened for applications on 20 April, organisations across the UK found themselves targeted by phishing emails sporting official HM Revenue & Customs (HMRC) branding and purporting to be from HMRC chief executive Jim Harra.
The job retention scheme – which has opened more than a week ahead of schedule – enables employers to claim cash grants worth up to 80% of wages, capped at £2,500 per worker, for staff furloughed during the pandemic.
HMRC claims the system can process 450,000 applications every hour, and 5,000 staffers are on hand to deal with the surge of applications. Speaking to the BBC on 20 April, Harra said 67,000 claims had been made within 30 minutes of the scheme going live at 8am.
According to London-based accountancy practice Lanop Group, cyber criminal gangs have been quick to latch onto the high levels of interest in the programme. It said more than 50 of its clients had already been in touch to report receiving suspicious emails, after noticing that the emails had not been sent from a legitimate domain.
The emails, which are trying to get hold of the target’s banking details, read: “Dear customer, We wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. We are now writing to tell you how to access the Covid-19 relief. You will need to tell your us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you.”
Lanop managing partner Aurangzaib Chawla said: “We are calling on all businesses to think twice before handing over bank details and making bank transfers in response to email requests during this crisis.
“Cyber crime is rising rapidly and this is the first of what we expect to be many scam emails, designed to trick unsuspecting owners into handing over private company data. We are also offering free advice about how to tackle these scams and reporting any suspicious activity direct to HMRC.”
Recipients of HMRC-related phishing emails are urged to forward them to a dedicated reporting inbox at email@example.com, while any text messages should be forwarded to 60599. Other phishing emails, coronavirus-related or not, can be forwarded to a National Cyber Security Centre (NCSC) reporting inbox, which has just been set up as part of a new coronavirus security awareness campaign.
Chris Ross, a senior vice-president at Barracuda Networks, said he had seen a sixfold increase in coronavirus-related phishing emails since March, in line with other threat researchers.
“This example underlines how hackers will prey upon vulnerable business owners who are trying to protect jobs,” said Ross.
“As always with these scams, the victim is encouraged to disclose personal data and financial information under the false assumption that the email is legitimate. It is absolutely vital that businesses have the cyber security systems in place to identify and quarantine phishing emails and ensure that every employee is properly trained to spot suspicious communication and think twice before giving out personal information.”
Besides emails purporting to be from HMRC, cyber criminals are using a variety of targeted lures during the coronavirus pandemic. Some of the more widespread scams currently being seen include information on the virus from the likes of the World Health Organization or the US Center for Disease Control, “special offers” on goods such as face masks and other items of personal protective equipment, and even cures for Covid-19.