Look out for HM Revenue and Customs (HMRC) tax rebate scam

[editor]

This one has apparently been causing concern

Starts with a 'text rebate' SMS
As observed by BleepingComputer, the smishing scam starts with a text message informing the recipient that they are eligible for a tax rebate as they had paid "emergency tax" this year.

Smishing text message scam informs users they are eligible for a refund
Source: BleepingComputer
You would think a user would know better not to click on a .com domain for accessing government services. However, some UK government services are offered via ".com" domains to the public.

One such example is householdresponse.com, which mimics the GOV.UK color scheme and UI so well it once had me fooled if it was a phishing domain.

Yet householdresponse.com is an entirely legitimate website used by the UK government to collect updates on household voter information from residents.

HMRC smishing tax scam targets UK banking customers

An advanced HMRC tax rebate scam has been targeting UK residents this week via text messages (SMS). The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains being added every day as older ones get flagged by spam filters.

www.bleepingcomputer.com

 

[platinumsage]

If HMRC pro-actively offered me a rebate, instead of me having to do the calculations and write to them, I'd automatically be extremely suspicious!

 

[FridgeMagnet]

If HMRC pro-actively offered me a rebate, instead of me having to do the calcutions and write to them, I'd automatically be extremely suspicious!

They actually did me for last tax year, as they thought I was on PAYE the whole time and I'd been out of work - however it was in the form of a letter with all the calculations rather than uh a dodgy text with no personal details on it.

 

[Epona]

I got a phishing phone call a couple of weeks back claiming to be HMRC and saying they had opened a tax fraud case against me - and another one received about half an hour later.

You can report these scams on the HMRC gov site

 

[StoneRoad]

There's the usual email / phone scam tax refund doing the rounds ...

Usually caught by the spam filters, If I see it, it gets reported to the HMRC phishing line.

 

[not a trot]

Had the following one yesterday.


UK GOV Grant <info@play90.gr>
09/11/2020 09:06
1




Show image
Support Scheme Grant Extension
The UK Government recognises the continued impact that coronavirus (COVID-19)
has had and has taken action to provide support. The Support Scheme Grant Extension
provides critical support in the form of two grants, each available for three month periods.
The first grant will cover a three-month period and will be capped at £3,750 in total.
The scheme for government grant has been approved for xxxxxxxxxxxxxxxxxxxxxxxx
The money are set to land in your bank accounts within six working days of making the claim.
Claim now >

--U1GZ1--
From HMRC Government Gateway

 

[FridgeMagnet]

I got a phishing phone call a couple of weeks back claiming to be HMRC and saying they had opened a tax fraud case against me - and another one received about half an hour later.

You can report these scams on the HMRC gov site

I got one of those too. Not a very good one given that it was a robot voice using broken English - I mean I know there are budget cuts at HMRC, but....

 

[Argonia]

I got one not so long ago saying if I didn't pick up the phone I would be arrested.

 

[MickiQ]

All I ever get are the random robocalls along the line of "You are being investigated, do not disregard this message"

 

[spitfire]

I got a dodgy text a couple of weeks ago and someone pointed me in the direction of this lot. Screengrabbed and sent to.

report@phishing.gov.uk

Goes to the NCSC and you get a reply from them that it has been logged.

May be pointless but it takes .5 second.




Thank you for sending on your suspicious message.

Timely alerts from people like you help us to act quickly and protect many more people from being affected.

As of 30/09/20 the number of reports received stand at more than 2,930,000 with the removal of 13,291 scams and 30,344 URLs.
Thank you for your continued support.
Our investigations may take some time. Whilst the NCSC is unable to inform you of the outcome of its review, we can confirm that we do act upon every message received.

We’ll analyse the content of the suspect email and any websites it links to where appropriate.

If we discover activity that we believe is malicious, we may:

• seek to block the address the email came from, so it can no longer send emails
• work with website hosting companies to remove links to malicious websites
• raise awareness of commonly reported suspicious emails and methods used (via partners)

Care should be taken with any communication that asks you to share personal or financial information.

Please note…

You should not report a crime to the NCSC in this way. If you think you may have been a victim of fraud or cyber crime, and live in England, Wales or Northern Ireland, you should report this to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2020. If you live in Scotland, you should report this to Police Scotland by calling 101.

There are a number of ways you can protect yourself from attacks like this and the NCSC has published plenty of advice which will help you to stay secure online:

• The NCSC’s top tip for staying secure online
• Phishing attacks: how to deal with suspicious messages and emails
• Securing your devices

For a full overview of the NCSC’s advice for the general public please head to our dedicated individuals and families webpage.

How we handle the information you send to us

• Information provided to the NCSC is protected in the same way we protect our own confidential information: It is held securely, with strictly limited access.
• We may share details with our Law Enforcement partners, such as the National Crime Agency and the City of London Police, to help identify investigation and mitigation opportunities.
• The information we hold is exempt from Freedom of Information requests.
• For further detail on how we handle information you send us, please see our Privacy Statement.

Further information about reporting suspicious emails to the NCSC can be found at www.ncsc.gov.uk/report-suspicious-emails

Thank you.

Signed

National Cyber Security Centre

 

[platinumsage]

Had the following one yesterday.


UK GOV Grant <[EMAIL]info@play90.gr[/EMAIL]>
09/11/2020 09:06

[B]Support Scheme Grant Extension[/B]
The UK Government recognises the continued impact that coronavirus (COVID-19)
has had and has taken action to provide support. The Support Scheme Grant Extension
provides critical support in the form of two grants, each available for three month periods.
The first grant will cover a three-month period and will be capped at £3,750 in total.
The scheme for government grant has been approved for xxxxxxxxxxxxxxxxxxxxxxxx
The money are set to land in your bank accounts within six working days of making the claim.
[URL='http://ref.up.nn.gyxpvpkw.bhandaribishesh.com.np/.fdgf/.dsd/?gsfSdcvWFv2D']Claim now >[/URL]

Gotta love those URLs

 

[MickiQ]

I got one not so long ago saying if I didn't pick up the phone I would be arrested.

Visions of Plod stood outside your house with a battering ram watching you through the window.
"Nope not answered the phone, let's go boys!"

 

[Bahnhof Strasse]

All I ever get are the random robocalls along the line of "You are being investigated, do not disregard this message"

I had one of these the other day, it said I could speak with them and sort it out today or they'd send someone round and I'd be facing a minimum five years porridge.

 

[Sasaferrato]

If HMRC pro-actively offered me a rebate, instead of me having to do the calcutions and write to them, I'd automatically be extremely suspicious!

Indeed.

 

[danski]

Don’t fret, luckily we’ve got Fatima on the case now

 

[FridgeMagnet]

Mind you - it's easy to take the piss out of the shit ones, but there are good reasons why they're shit. Spamming is cheap, but if the next stage in the scam is human contact, that's expensive, so as a scammer you want to filter out anyone who might be at all wise to it and thus waste your time. Therefore you make the initial approaches really bad so that only people easy to exploit go for them.

Fully-automated scams, where all the stages are cheap, don't need to filter people out (even if they're not necessarily as profitable) so it's in the scammers' interests to make them as convincing as possible. I've seen some really good ones which have only fallen down when checking URLs.

 

[Mation]

Don’t fret, luckily we’ve got Fatima on the case now

Operation Nutcracker?

 

[platinumsage]

I just got this text from 60886

It stinks of scam but can't see how it could be as it has no links in it

"HMRC: Thanks for filing your tax return. Please pay by 31 Jan deadline. If you need help to pay, search HMRC payment plan on Gov UK. Already paid, thank you."

 

[Pickman's model]

I just got this text from 60886

It stinks of scam but can't see how it could be as it has no links in it

"HMRC: Thanks for filing your tax return. Please pay by 31 Jan deadline. If you need help to pay, search HMRC payment plan on Gov UK. Already paid, thank you."

any normal person would just ignore it and carry on

 

[platinumsage]

any normal person would just ignore it and carry on

I would if I knew it was a scam, but I'd like to know whether HMRC have suddenly started actually sending me text messages.

 

[Pickman's model]

I would if I knew it was a scam, but I'd like to know whether HMRC have suddenly started actually sending me text messages.

Check a list of genuine HMRC contacts

Check recent contacts from HMRC to help you decide if a suspicious email, phone call, text or letter could be a scam.

www.gov.uk

 

[maomao]

I would if I knew it was a scam, but I'd like to know whether HMRC have suddenly started actually sending me text messages.

Yes and 60866 is their number. And as you've observed there's no possibility of a scam in the text, it's just telling you to pay up.

 

[platinumsage]

Well it's a badly worded text and I filed and paid back in May, so I don't know why they bothered.

 

[Kevbad the Bad]

We had a phone call recently saying that our loft insulation was unfit for purpose and that our neighbours had been complaining about it. That really takes the biscuit!

 

[Argonia]

Had one the other day saying my payment for my car wasn't delivered to the DVLA because the debit card was declined. I don't have a car.

 

[Pickman's model]

Had one the other day saying my payment for my car wasn't delivered to the DVLA because the debit card was declined. I don't have a car.

we had a phone call the other day saying my partner had won £5m on some nhs scratchcard

we have never brought an nhs scratchcard and it's my experience that if you win on a scratchcard you approach the lottery people because they don't have your details

and that's before you get onto whether a £5m nhs scratchcard prize exists

 

[Argonia]

Pickman's did you get to the bottom of that nuisance caller a while back?

 

[Pickman's model]

Pickman's did you get to the bottom of that nuisance caller a while back?

never heard anything more of it

 

[Argonia]

That's good

 

[Kevbad the Bad]

Then it later turned out that our two year warranty had expired on our 18 year old washing machine. The line went dead after I told them how old it was.