Scam of the Week: Furlough Workers Targeted with Phishing Scam

May 5, 2020 10:05 am Natasha Deeney

Just hours after the UK government opened its furlough scheme for applications, opportunistic fraudsters targeted organisations with a devious furlough phishing scam with the aim of stealing bank account details.

The job retention scheme, which opened on April 20th enables employers to claim grants worth up to 80% of wages for staff furloughed during the Covid-19 pandemic. On its first day, the scheme received applications from more than 140,000 firms.

Furlough Phishing Scam 

In an effort to trick those seeking furlough support, the scam is cleverly disguised as an official email from HM Revenue & Customs, with the subject line “Your COVID-19 Relief Package”.

The body of the email which includes several typos, and asks for the bank account details of the recipient in order for them to make a claim.

The email states: 

“Dear customer, We wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. 

We are now writing to tell you how to access the Covid-19 relief. You will need to tell your us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you.”

After clicking on the ‘Complete Claim’ button, recipients are redirected to a spoof HMRC website which requests their personal information, including bank account details. Research reports nearly 1.5 million phishing sites are created each month. These are usually highly targeted, sophisticated, and difficult for victims to detect.

In an attempt to appear legitimate, the phishing scam incorporates official HMRC branding and purports to be from Jim Harra, First Permanent Secretary and Chief Executive of HMRC.

Despite these deceitful tactics, the email includes several common traits of a phishing scam, including a sense of urgency to put pressure on the recipient to act quickly. The email also contains grammar and spelling mistakes, and uses a generic greeting in the opening line.

Often, fraudsters will attempt to trick recipients by using spoof display names in order to make the email appear to be coming from a legitimate organisation. However, by hovering over the ‘from’ address, recipients can reveal the sender domain details. The sender email address in this scam reads as no-reply@ncryptedprojects.com, making it very suspicious and highly unlikely to be from HMRC.

Fraudsters Exploit Furlough Phishing Scam

According to London-based accountancy practice Lanop Group, cybercriminals have been quick to exploit the high levels of interest in the furlough programme. The company said over 50 customers have reported receiving the malicious email, where they recognised that it was not sent from an authentic domain.

HMRC has also reported that more than 227 web addresses associated with the scam campaign have been taken down. 

A spokesperson from HMRC commented: “Fraudsters are taking advantage of the package of measures announced by the government to support people and businesses affected by coronavirus.

“Scammers text, email or phone taxpayers offering spurious financial support or tax refunds, sometimes threatening them with arrest if they don’t immediately pay fictitious tax owed.”

Cashing in on Coronavirus Phishing Scams

Since the outbreak of the Covid-19 crisis, the pandemic is creating a perfect environment for scammers to strike. The National Fraud Intelligence Bureau (NFIB) has reported a 400% increase in scams as a result of coronavirus-related fraud. 

With these numbers expected to rise in the coming months as the virus continues to spread, there are a number of simple steps to stay safe from coronavirus phishing scams.

Combatting Coronavirus Phishing Scams

● Never click on links or download attachments without confirming the source.
● Always take time to think about a request for your personal information, and whether the request is appropriate.
● Seek confirmation from trusted sources.
● Pay close attention to the spelling of an email or web address, if there are any inconsistencies, delete it immediately.
● Ignore and delete emails with unexpectedly poor grammar and formatting.
● Question the validity of any email that asks you to submit personal or financial information.
● Be suspicious of emails or text messages that are threatening or urgent in tone.
● Install the latest anti-virus software solutions on all your devices.
● Use strong passwords to reduce the chance of devices being hacked.
● Consider the use of a password manager to maintain the security of multiple accounts.

Free Coronavirus Awareness Assets

In this time of uncertainty, MetaCompliance is committed to supporting organisations mitigate the risk of cyber threats.

To help communicate good cyber hygiene and vigilance, we have created a bank of free digital assets, which you can use to support your communications during this challenging time.

Click here to access your free awareness assets.

Protect Your Organisation Against Phishing

For further information on how you can protect your business from phishing attacks, download our free Ultimate Guide to Phishing.

Our award winning MetaPhish platform provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. It has helped protect organisations across the world from this ongoing threat and provides the first line of defence against phishing attacks.

Contact us for further information and learn how we can help protect your business