Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – Fraudsters Target Elderly with Bogus HMRC Calls

HMRC phone scam

The public are being urged to be vigilant after a rise in phone scams from fraudsters pretending to be Her Majesty’s Revenue and Customs (HMRC).

Members of the public have reported receiving both phone calls and answerphone messages from someone claiming to work for HMRC. The call starts as an automated message, then the victim is put through to a person.

The caller informs the victim that there has been a complaint about their tax and that a warrant has been issued for their arrest. They are given a telephone number to dial so the money can be immediately paid to avoid further action.

A large number of the scam calls have been targeting the elderly as the fraudsters believe they will have a better chance of cashing in by harassing the victim into making an urgent payment.

HMRC released a statement in relation to the increase in fake calls: “HMRC is aware of an automated phone call scam which will tell you HMRC is filing a lawsuit against you, and to press one to speak to a caseworker to make a payment. We can confirm this is a scam and you should end the call immediately.

“This scam has been widely reported and often targets elderly and vulnerable people. Other scam calls may offer a tax refund and request you to provide your bank or credit card information. If you cannot verify the identity of the caller, we recommend that you do not speak to them.”

Phone scams are increasing in number and are proving a very effective way to trick people into disclosing sensitive information. This practice is commonly known as vishing.

Vishing is a combination of the word voice and phishing and refers to phishing scams that take place over the phone. The fraudsters will often create a sense of urgency to convince the victim into handing over sensitive information or to make a payment.

The call will often be made through a spoofed ID, so it looks like it’s coming from a trustworthy source. A typical scenario will involve the scammer posing as a bank employee to flag up suspicious behaviour on an account. Once they have gained the victim’s trust they will ask for personal information such as login details, passwords and pin. The details can then be used to empty bank accounts or commit identity fraud.

To avoid being tricked by a vishing attempt:

  • Be wary of phone calls from unknown numbers – If a call comes out of the blue from a number you’re not familiar with then treat the call as suspicious.
  • Never give out personal information over the phone – Legitimate organisations will never ask you to disclose personal information such as a pin, password or bank account details over the phone.
  • Hang up – If you’re feeling intimidated or harassed by the call then hang up immediately. A common tactic is to create a sense of urgency to pressurise the victim into handing over their details.
  • Ring the organisation directly – If you think the phone call is a scam then hang up the phone and ring the organisation directly. Source the official number yourself and never call back using the number the caller has given you.

MetaPhish has been designed to provide the first line of defence against phishing and ransomware attacks. Contact us for further information on how we can help protect your business from this growing threat.

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations