Tax Filing Deadline Fuels Phishing Fears

Peter Judge,

Taxpayers under pressure to file online before Monday’s deadline may fall prey to scams

UK citizens in a hurry to get their tax returns in before the final deadline of Monday 31 January are in danger of falling for email phishing scams, according to a security company.

With the last deadline for paper tax forms long past (in October 2010), anyone struggling to file self-assessment tax returns will have to use the online service, and do it smartly, before Monday. Organised scams, some developed in the US and elsewhere, await these vulnerable users, according to Internet security services company Webroot.

Scammers profit from tax panic

Although spam levels are currently low, phishing gangs have become increasingly organised, and seize on opportunities where large numbers of people are in unfamiliar online situations and under pressure.

HMRC’s dual deadline for paper and online is part of a UK government move to get more people to use online services, in the hope of making savings by “switching off paper”.

The HMRC deadline is a golden opportunity for scammers, however, and taxpayers are being hit with sophisticated email scams claiming to come from HM Revenue & Customs, says Jeff Horne, director of threat research at Webroot.

Phishing emails may contain dire threats or promise refunds. There was a rash of such scams in 2010, when the HMRC’s computer system was revealed to have miscalculated 1.5 million people’s tax.

Needless to say, HM Revenue and Customs doesn’t contact people in this way – although TV ads at one stage did have TV presenter Moira Stewart issuing advice from a broom cupboard.

Users must be vigilant

Scam messages lead users to copies of the HMRC pages, with disguised URLs designed to exctract personal details. Many of these pages will include “www.hmrc.gov.uk” at some point, but not next to the “http://”. In any case, users should not click on links in emails.  They may also contain malicious attachments.

Horne advices users to scan their PC before logging into their bank account or any other financial site, and not do any of these things over an open wireless connection or ain at a public hotspot.

People should also type in the HMRC address, rather than adopt the lazy practice of using Google. The dominance of search terms like “Facebook” on Google, shows that all too many people use Google instead of entering “http://”, opening themselves to poisoned searches, where a scammer’s plausible URL appears near the top of a Google result,

Horne also advises users to put their tax forms onto a CD or DVD, instead of leaving them on their hard disk, or in their cache, where they may be accessible to other people.