Scammers are increasingly targeting VAT-registered businesses with phishing attacks.
Warnings have been issued by a number of organisations, and taxpayers are being encouraged to check requests carefully.
To help you avoid becoming a victim of these fraudsters, here is what you need to know to avoid getting caught out.
Phishing and VAT fraud
Phishing is when cyber criminals send fraudulent emails or text messages containing links to malicious websites.
These websites often trick users into revealing sensitive information (such as passwords) or encourage taxpayers to transfer money.
They can also contain malware that sabotages systems and organisations or ransomware, which holds sensitive information or systems ransom in return for a fee.
For example, scammers are manipulating and submitting form VAT 484 to HM Revenue & Customs (HMRC) to change legitimate bank details to theirs.
Once a repayment return is processed and verified by HMRC, funds are directed to the fraudsters’ accounts instead of the legitimate ones.
Many businesses are currently being targeted by these methods as they submit their regular VAT report to HMRC and make payments.
While they can be hard to identify, there are recurring scams that target both individual finances and businesses.
The most common ones include:
- Texts or calls offering HMRC tax refunds
- Email scams about tax rebates
- Automated phone call scams that claim HMRC is filing a lawsuit.
Never disclose personal or financial information about you or your business to people or websites claiming to be HMRC – unless you are 100 per cent sure that you are speaking to the tax authority.
HMRC will only ever email you about a tax rebate or ask for personal or payment information from an email address that ends in hmrc.gov.uk.
To find out more about how you can prevent yourself from falling victim to an HMRC scam, please visit the tax authority’s dedicated advice page.
How to prevent phishing attacks
It is difficult to mitigate against all phishing attacks. However, there are steps you can take to protect your organisation as much as possible.
The National Cyber Security Council (NCSC) recommends a four-layer defence system:
- Make it difficult for attackers to reach your users.
- Help users identify and report suspected phishing messages.
- Protect your organisation from the effects of undetected phishing emails.
- Respond quickly to incidents.
You can implement these four layers of defence by:
- Using secure, encrypted connections for business transactions and HMRC communications.
- Conducting regular phishing awareness training for all employees.
- Implementing multi-factor authentication for access to sensitive accounts.
- Reporting suspicious emails to HMRC (phishing@hmrc.gov.uk) to help fight phishing scams.
If you are unsure whether a communication from HMRC is legitimate or not, please seek advice from our team at the earliest opportunity.
For more information, please get in touch.
Our BLOG
Capital Gains Tax clampdown – What HMRC’s surge in investigations means for you
TESTIMONIALS
The staff at CST are always very friendly and approachable.… Read more “Mr JD Dolling, SW Heating Equipment Ltd”
We have been with CST for more than seven years… Read more “Doris Francis, Engineering Services (Bridgend) Ltd”
Our business has been handled by CST for many, many… Read more “Mr & Mrs Rise”
I moved my business to Clay Shaw Thomas because I… Read more “Sandra Wilkinson of Sage Marketing”
The audit was well planned and executed efficiently, with minimum… Read more “GE Carpentry”
Privately and within the company Clay Shaw Thomas provides a… Read more “Seashore Enterprises”
I am very happy with the service from CST. An… Read more “Mr Atkinson “
The family connection with CST goes back many years and… Read more “Dr Jones”
CST are very efficient, courteous and proactive when dealing with… Read more “Mr CMG Adams”
I have been a client for over twenty years and… Read more “Mr J T Wall”
Always one step ahead of the game, CST have helped… Read more “Mr RT Evans”
CST Staff always give unbiased advice in a clear and… Read more “Mr L Branfield”
It has been a professional pleasure working with CST, they… Read more “Mr P Jenkins”
SUBSCRIBE to our list
If you would like to see full details of our data practices please visit our Privacy Policy and if you have any questions please email tellmemore@clayshawthomas.com.