How to avoid legislation scams and stay safer online
In this article, we take a brief look at some of the ways people are tricked by scammers into giving up their personal information and account login details.
These criminals are astute and adept at exploiting changes in legislation to trick you into believing that they are your bank, HMRC, court officers or some other representative of authority. Their aim is to gain access to your personal data and/or bank details so they can fraudulently take your money.
By following a few simple best practices, you can dramatically reduce your chances of exploitation and protect yourself from future targeting.
Email scams (Phishing)
In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bogus websites. They might try to trick you into sending money, steal your details to sell on, or they may have political or ideological motives for accessing your organisation’s information.
Phishing emails are getting harder to spot because they disguise themselves with references to current legislation changes or copy the branding of your current providers, and some will still get past even the most observant users.
Whatever your business, however big or small it is, you will receive phishing attacks at some point. If you ever receive an email that offers an incentive, a tax refund, or threatens you with a fine or court action unless you provide certain information or follow specific directions, your immediate response should be to assume that you have received a bogus email.
Recent examples have included bogus links to claim the Self-Employed Income Support Scheme grants. When you receive these types of emails, here’s what you should do:
- Never click on the links in the email.
- Never open any attachments included in the email.
- If the email looks like it has come from one of your current providers, go to the website directly (rather than clicking the link in the email) to seek further information.
- Once you log in directly to your bank account (for example), you will likely find the same message there if it is legitimate, and you can respond accordingly.
- If you are still unsure, seek advice by calling your provider directly. Do not use any telephone numbers included in suspected scam emails.
- If the email mentions any specific grants, you can contact your accountant to find out the validity of any such schemes.
Set up 2-factor authentication (2FA)
This sounds complicated but it is really simple. 2-Factor Authentication (2FA) works by adding an additional layer of security to your online accounts. It simply requires an additional login step (beyond just the username/password) to gain access to your account.
A common example of 2FA is your bank or other account provider sending you a text message with a code that you need to enter to confirm that it is really you accessing your account.
Other ways you may be contacted by scammers and what to do
In simple terms, HMRC will never contact you via social media (Facebook, Twitter etc.), WhatsApp or Messenger. If you receive any communication via these channels, ignore and block it.
Your bank may send you a text message, but again, if there are any links, avoid them. Go directly to your bank to log in; you’ll find the message there if it is legitimate.
Educate your staff and family members
To remain as safe as possible, make sure your staff and family members are aware of these best practices.
Don’t ignore those updates
Scammers are relentless and are continually trying to find ways to exploit businesses and individuals. Make sure everything you use online is up to date and therefore has the latest security patches. Over time, scammers find ways to exploit your systems, but the good news is that your providers will create updates to block these vulnerabilities, so don’t ignore software updates.
- Keep your computers up to date with the latest updates and security patches.
- Keep your mobile phone up to date with the latest updates and security patches.
- If you have a website, make sure it is maintained and upgraded regularly and your data is encrypted. This way you not only protect yourself, you protect your clients.
Clients who receive messages through any of the above channels and are unsure about responding should call for advice.
If you manage your own tax affairs and the communication you have received is tax related, contact HMRC using one of the phone lines published on the GOV.UK website to ask if the message you have received is genuine.
You can also report suspicious HMRC emails, text messages and phone calls by following the instructions at https://www.gov.uk/government/organisations/hm-revenue-customs/contact/reporting-fraudulent-emails.