Shady characters are always on the prowl, seeking to scam businesses out of money and data.
With all of the recent changes to Companies House and HM Revenue and Customs guidelines, it is no surprise that businesses feel more vulnerable than ever.
Keeping track of the changes is hard, and scammers are seizing the moment to take advantage.
We are exploring a disturbing scam that has taken place recently so that you can avoid falling victim to a fraudster.
Scammers have taken to using fake HMRC letters to prompt individuals into divulging sensitive data.
These letters are of a higher quality than one might expect from a scam.
These are not the badly spelled texts you get asking you to sign for a package you never bought, but more sophisticated mockeries of the real thing.
HMRC’s recent guideline changes have caused no small amount of uncertainty around what may be requested of them.
Claiming to be from an “Indv and Small Business Compliance” team, the letters make reference to a “recent government initiative aimed at verifying declared income.”
This is likely designed to mirror the changes to Companies House that have seen additional verifications required for identity and both business and email addresses.
The letter informs recipients to verify their financial information through email before requesting:
The simple answer is that HMRC will never request information like this.
There is a reason you make filings with Companies House and get your identity verified in the same way.
HMRC can access the documents they need without having you send them to an email address you have never seen before.
The email address in the letter is the biggest red flag.
The email address is a “.org” address, which, while normally carrying some weight from typical organisations, is entirely invalid for a government agency.
HMRC email addresses will have the “@hmrc.gov.uk” address to signify their authenticity.
Always pay close attention to where you are sending information before you send it.
If you have any doubts, there is no harm in contacting HMRC directly to check the legitimacy of any correspondence.
If you do find yourself in receipt of a scam letter, report it to HMRC’s dedicated phishing address where they will investigate it further.
Scammers are always looking for new ways to get your money and your data, and you can lose your reputation if you fall for their tricks.
Always take your time before responding to letters and emails, especially if they insist that it is “urgent”.
Regular cybersecurity training can help keep you and your team compliant with guidelines and protected from phishing letters and emails.
Always be calm and collected when handling correspondence, and double-check information requests as these are often scams.
Stay safe and stay alert as you conduct your business.
For more help and guidance, speak to our team today.
