Members of the public are being warned about a new email phishing scam, which falsely purports to be from the “Government Digital Service Team”. The scam, uncovered by the Parliament Street think tank’s cyber research team, is targeting low-income earners.
- Furlough warning: ‘Good news’ amid HMRC ‘clawback’ penalty
It claims that the recipient of the email will be receiving a Council Tax Reduction of nearly £400.
Worryingly, this scam uses official branding and government logos, in an effort to seem genuine to the addressee.
However, this potentially convincing email instead then redirects them to a malicious site, the think-tank has found.
The site is designed to harvest personal information, such as bank card details, account number, sort code and security code – in addition to one’s home address and mobile number.
Already, the scam has been flagged by local Councils to those in Wrexham, Cheshire, and Runcorn.
However, the scam is now believed to have started a second wave, targeting hundreds of other individuals across the UK.
Hundreds of new incidents of this email landing in people’s inboxes across the UK have been found by researchers from the Parliament Street cyber research team.
So, what should people watch out for when it comes to this particular email?
It’s understood that it begins: “You have a new message from GOV.UK about your Council Tax.”
In the accompanying message, it continues: “You are getting a Council Tax Reduction (this used to be called Council Tax Benefit) considering you’re on a low income or get benefits.
“Total amount of benefits: GBP 385.50.
“The refunded amount will be transferred directly on your Debit/Credit card.
“Apply now to claim the reductions made over your past two years of Council Tax payments.”
According to the research team, the scam email had several notable discrepancies.
- Tax perk fears as Rishi Sunak launches Comprehensive Spending Review
This includes that it states that a refund of £385.55 was available in the subject header.
However, in the main copy of the email, it says that the supposed amount is £385.50.
Commenting, Andy Harcup, VP Sales of Absolute Software, said: “Since the start of COVID-19, the cyber threat facing adults in the UK has surged, and this latest attack is one of many which have been designed to prey on individuals’ vulnerability and fear during this trying time.
“In particular, hundreds of email phishing campaigns have targeted corporations and businesses, with malicious attackers standing ready to take advantage of naïve or distracted employees, or exploit gaps in security controls.
“Regardless of the quantity of security training and software put in place, data will always be at risk from a sophisticated cyber attack, and therefore, it’s essential that CISOs take steps to quickly pinpoint potential threats and neutralise any cyber breaches as and when they occur, with effective and resilient endpoint security.
“This should equip organisations with the ability to communicate, control and repair remote devices beyond corporate networks as well as measure the health of security control apps and productivity tools, so that remote workers can safely stay productive.”
Stav Pischits, CEO of Cynance, a division of Transputec commented: “It’s incredibly easy for hackers to copy government branding, logos and text from official websites and quickly create realistic-looking scams.
“All too often, weary workers who are struggling with the financial impact of the COVID-19 outbreak will jump at the chance for a discount or refund like this.
“Anyone receiving an email like this should also double check the source address of the sender and carefully examine the communication for typos and errors, often associated with online scams.
“Failure to do so could put the financial and personal data of the individual and their employer at risk.”
Source: Read Full Article