Email from HMRC, fake or real?
HM Revenue and Customs (HMRC) has requested the removal of over 20,750 malicious sites in an effort to crack down on phishing attacks. Phishing simply means a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication. Despite a record number of malicious sites being removed, HMRC is warning the public to stay alert, as millions of taxpayers remain at risk of losing substantial amounts of money to online crooks.
Never asked for, so don't give it out either
Genuine organisations like banks and HMRC will never contact people out of the blue to ask for their PIN, password or bank details. So people should never give out private information, download attachments, or click on links in emails and messages they weren’t expecting.
Example of a phishing attack
Here is an example from my own email account. I received a phishing email, but the sender had no luck because I recognized it as a cyber-attack. You might get similar emails, and you can look for the same signs to avoid any damage to your data by following the simple guidelines below.
As you can see in the first image above, the email address itself is fake: it is not coming from HMRC but from another domain, saunalahti.fi. There is also no mention of the name of the person the email is sent to. The unique reference is wrong too.
It is important that you don't click on any link in the email. Doing so can install malicious software on your machine or device without you knowing, e.g. a key-logger, which records every key you type or press on your display so that a hacker can learn sensitive information. Instead, you can simply hover the mouse over the link and read the full link at the bottom of the browser, as shown by the down arrow.
You can right-click and select the copy URL option to test your findings. It is crucial that you use a browser which does not save any passwords from your daily use and, even better, has no cookies saved at all.
If you paste the URL copied above into the browser, you will find a site which is not HMRC; it could be any site. If your antivirus software has its anti-spam option switched on for the web, it will throw a warning message like the one above. There is a possibility that the hacker has replicated the look of the HMRC site at another URL for deception. You can easily tell from the URL in the address bar, which is not an HMRC URL. It's common for one URL to redirect to another, as shown in the image above: the URL in the address bar is different from the one that was copied before. This is done through a URL 301 redirect.
Now, digging a bit deeper if you like: as per the image above, you can look at the message source code by right-clicking on the message or, in Hotmail, by clicking the down arrow of the reply button and then view message source. You will see more details in the next image.
Once the message source code is displayed, trigger the search option (Ctrl+F in Windows) and type from. You will notice the actual email address, hidden in the code, that was used to send the email to you in the first place. This is called masking.
The image above shows the website displayed when I typed in the actual domain from the sender's email address in question.
If you copy the link from the image above into the browser, it will redirect to a section of the genuine HMRC website.
If you click on the padlock sign and then on the more details option, you can see the certificate and the wording of a trusted site. You would not see such wording on a dodgy site.
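The two manual checks described above (finding the real sender address in the message source, and reading where a link really goes) can also be done in a few lines of Python. This is an added example, not part of the original article; the sample message is constructed, and treating gov.uk as the trusted domain is an assumption made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption for this example: genuine HMRC mail and links sit under gov.uk.
TRUSTED_SUFFIX = "gov.uk"

# Constructed sample message source (not the actual email from the article).
SAMPLE = """\
From: "HM Revenue & Customs" <sender@saunalahti.fi>
Reply-To: claims@example.net
To: undisclosed-recipients:;
Subject: Tax refund notification
Content-Type: text/html

<p>Dear customer,</p>
<p><a href="http://hmrc.gov.uk.refund-example.test/claim">https://www.gov.uk/refund</a></p>
"""

def is_trusted(host):
    """True only if host is the trusted suffix or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def check_message(source):
    """Return a list of warnings for one raw message source."""
    msg = message_from_string(source)
    warnings = []
    # The display name is free text; only the address inside <...> matters.
    for header in ("From", "Reply-To", "Return-Path"):
        display, addr = parseaddr(msg.get(header, ""))
        if addr and not is_trusted(addr.rpartition("@")[2]):
            warnings.append(f"{header}: {display!r} really uses {addr}")
    # Compare the text each link shows with the host it actually points to.
    body = msg.get_payload()
    links = re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', body, re.S | re.I)
    for href, text in links:
        host = urlsplit(href).hostname
        if not is_trusted(host):
            warnings.append(f"link shown as {text.strip()!r} goes to {host}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE):
        print("WARNING:", w)
```

A From address under the trusted domain is not proof on its own, because that header can be forged; the script only catches the mismatches described above.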
Two Factor Authentication
HMRC has also introduced two factor authentication, i.e. your user name and password plus a security code sent by SMS to your registered mobile number for added security. You should use two factor authentication wherever possible to make the procedure more secure. Many online accounting software packages use this as standard these days.
Report Spam or Phishing attack
They can also contact Action Fraud on 0300 123 2040 to report any suspicious calls, or use its online fraud reporting tool.
Here is a link for more guidance on countering phishing.