The latest scams are spoof emails pretending to be from the UK Government or the IRS in the USA. These phishing emails use one of the oldest tricks in the book, luring you in with claims that you’re entitled to a tax refund – this time because of coronavirus. It’s a cunning trick because so many people are facing the strain financially and the ‘news’ that they’re entitled to a rebate because of hardship can tempt them to click the link. Of course, like all phishing emails, the links take you to a web page where the victim enters their name, address and other personal details (or social security number and photo ID details) – enough for criminals to steal their identity, open bank accounts and apply for credit. What usually happens is that the details are sold for a premium price on the dark web so they can be used for money laundering, and the police will come after you for the crimes.
The research team at NortonLifeLock Labs have seen many examples of these emails, including the one above which is supposedly from the UK’s HRMC which claims “the government has established a tax refund programme for dealing with the coronavirus outbreak”. If you fall for this scam, which comes from ‘noreply@govadvice.co.uk’ you’ll be taken to the convincing page below which ask you to enter your full name, email and date of birth. These fake websites will ask for your bank or card details (including three-digit security code) so the refund can be paid to you. But this, as the team at NortonLifeLock say in a blog post should be a major red flag. Governments never ask you to confirm these sorts of details for a payout. Ultimately, this is simply a new twist on an age-old scam and the advice to avoid getting caught out is the same as ever: It’s usually quite obvious if the website is fraudulent as the URL won’t match the genuine one. For HMRC, that’s https://www.gov.uk/ and for the IRS it’s https://www.irs.gov/. Go to those sites and navigate to sign in or whatever information you require. The team at Norton have put together these lists of sites to watch out for. Note that they’ve been modified here so they’re not real links, so you can’t accidentally click on them.
hXXp://mail[.]lockdown-support[.]org/refund/index?code=2hXXps://gov[.]pandemic-recovery[.]org/covid-19/Login[.]php?hXXps://govuk-alerts[.]net/refund/index?code=2hXXps://govlockdown[.]org/refund/index?code=2hXXps://govlockdown[.]com/refund/index?code=2
hXXp://covid-stimulus[.]org/hXXp://disvey[.]ir/authcovid-19reliefgov/?labor_departmenthXXps://routerbotic[.]com/irs-corona-payment-monthly/hXXps://snreklame[.]com/mobile-authcovid-19gov/?labor_departmenthXXps://irsfgov[.]com/
Hacking banks or your computer is much harder than ‘hacking’ you, which is why this type of scam is becoming more and more common. You are the weakest link in the security chain and while security software does a great job of combatting viruses and other internet nasties, it can only go so far in warning you that it’s not a good idea to click on links in emails or start handing over your card number on the phone. Simon Edwards, CEO of SE Labs, says that it’s really quite simple to protect yourself. “People are very clever, which is why we spot unusual things really well. Technology can be abused to confuse us, such as hiding a website’s real address, but generally we can ‘smell a rat’. Unfortunately, the attackers are really devious too. And highly motivated. They know as well as any psychologist how we tick and how to tap into our weaknesses. And they know how to use computers to catch out even the most wary.” “The simplest and most effective advice is to manually type in web addresses. It’s less convenient than clicking on a link sent to you by email or SMS, but if you want to visit websites belonging to HMRC, the Home Office or your bank then a quick search on Google will give you the obvious pages to visit. Save them to your bookmarks if you’re likely to visit again anytime soon. A password manager can add some convenience to this way of working.”
Related articles for further reading
Latest security news Convincing council tax reduction emails are a scam Watch Out For New Lloyds Bank Scam Emails & Text Messages Best antivirus software Best password managers
Jim has been testing and reviewing products for over 20 years. His main beats include VPN services and antivirus. He also covers smart home tech, mesh Wi-Fi and electric bikes.