Tradesmen and cyber- crime, how to spot a fake HMRC email

Cyber-crime is one of the biggest problems facing businesses in the present day, with hackers attempting both rudimentary and more sophisticated methods to infiltrate your systems and data. Tradesmen have to remain particularly vigilant, especially when self-employed, as one wrong click of an email or letting your financial information fall into the wrong hands can leave you vulnerable to cyber-crime.

What can go wrong?
In the summer of 2018, a tradesman local to Northern Ireland fell victim to one of these attacks when his emails were infiltrated by hackers. They used his account to email one of his customers, posing as the tradesman, and asked them to pay the remainder of the balance owed to him into a new bank account. Having no reason to suspect foul play, the customer paid the remainder into this new account which belonged to the hacker.

Luckily for the tradesman, the fraud was detected in time and the customer was able to cancel the transaction. However, this isn’t always the case. If payments made by customers are done so willingly, banks are not obligated to reverse or reimburse payments, regardless of any irregularities. People who have been affected in the past have lost large sums of money from this, as much as £25,000 in some instances.

Just this year, scammers have been contacting tradesmen posing as HMRC, usually by telephone. They leave messages stating that the victim is under investigation and needs to make a payment immediately in order to panic them into making an immediate payment. HMRC has reported 84,549 reports of fraudulent tax refund messages in the month of March 2018 alone. This scam is particularly believable as they adopt methods actually used by HMRC in order to garner credibility.

To avoid getting caught out, you need to remain vigilant. If you receive a call from an official body such as HMRC, you’re well within your rights to terminate the call and call back using their official number as stated on their website. You may also receive emails from HMRC that may seem genuine, but there are some signs to look out for.

Spotting a fake HMRC email

  • Watch out for common greetings such as ‘Dear Customer’ or Dear [email address]
  • Click on the email sender – does the email address look genuine?
  • Hover over any link it asks you to follow and check the link in the bottom-left corner of your browser to see where it really leads – if you have any suspicions, delete the email and call the official HMRC number
  • Genuine emails will never offer a tax repayment or ask you to disclose personal information
  • Be wary if it states something along the lines of ‘Urgent Action Required’

In order to protect yourself from cyber-attacks, use a strong password and try to avoid guessable family or pet names and use different passwords for different accounts. Try to use two-step identification where possible to create an extra layer of security against a possible cyber-attack. Finally, it’s wise to agree on any payment terms with your customer in advance and inform them that any changes will need to be agreed on either face to face or by mail.

If the worst should happen and you do get caught out by scammers or a cyber-attack, you can stay safeguarded with the right insurance. This will cover you for business interruption, reputational damage and numerous other factors resulting in financial loss. Speak to amb insurance today on 01782 740044 to set up a policy to protect your business.