HMRC VISHING SCAM AND HOW TO AVOID!

It’s 08:19am on a Saturday morning in early February and I wake up to three missed calls and three voicemails from a number I don’t recognise. Now I never listen to my voicemail messages but something told me that this morning I should check them out. Clearly whoever called me was desperate for my attention, so the least I can do is listen to what they have to say, right?

So I access my voicemails and listen to them each in turn, all with the exact same pre-recorded message:

“This is the HMRC, a tax fraud case has been filed against your name and unless you pay the amount requested an arrest warrant will be made against you, please press 1 to speak to an advisor”

Now I’m barely awake at this point but even I know something doesn’t feel right. I reverse search the number and realise this is the beginning of a vishing scam that is currently sweeping the UK, but before we go any further there are a few things you need to understand…

What is a vishing scam?

A vishing scam is a type of phishing attack where criminals will call you posing as a bank staff member or other financial service employee and try to get you to share your personal information over the phone. They will use social engineering tactics to persuade you to reveal personal details which will allow them to access your accounts.

But what is phishing? In a nutshell, phishing is a cyber attack in which criminals use disguised emails as weapons to gain your personal credentials by tricking you into believing the email is from a legitimate source. The criminals spoof (fake) their email address so it looks like it’s coming from a trusted source, set up fake websites to look like the originals and use slightly modified URLs to direct you to a site created by the criminals in the hope you will provide them with your personal or financial information.

“Someone mentioned smishing, is that the same thing?” – Absolutely! Smishing is the equivalent of phishing and vishing, but the criminals use text messages in order to try and steal your information.

The HMRC scam

So what exactly happens in this scam?

Well, it starts pretty much the same for everyone, just how I described above. You’ll get a call from a mobile number that you don’t recognise, and sometimes the criminals will even spoof their number to make it look like the official HMRC number. You will then have the pleasure of listening to that lovely pre-recorded message explaining that you will shortly be arrested unless you pay the money you owe and to press 1 to speak to an advisor. Pressing 1 transfers you to an ‘HMRC representative’, aka the scammer. Now vishing scams are no simple feat and there is usually a highly complex criminal web with multiple people involved who may seem highly convincing. The representative will then proceed to tell you the accusations against your name and even provide PDF documents so as to seem legit. They will then ask you for more details and to start transferring money now, as you’re on a timed call and the money has to be paid ASAP. (Some victims have said that the criminals told them the police were on standby 30 minutes away and if they didn’t pay within that time frame the police would arrive at their address.) They’ll ask you to start transferring money in small amounts to different bank accounts as this makes it a lot harder for your bank to track the routes that the money takes.

Now you’re probably sat there thinking, “yeah I’d definitely know this was a scam and I’d hang up”. Well, lucky you, but these calls can be highly intimidating and when you’re under pressure you can make extremely rash decisions.

As the call progresses the questions get more personal in the hope you’ll reveal more information that is useful to the criminals until they’ve taken large amounts of your money and left you broken both financially and mentally. It’s intense and they will target anyone. Young or old, global pandemic or not.

I’ve been victim to one of these calls, what should I do?

Well first of all you need to know that:

HMRC will never send an email, text message (or message in an app such as WhatsApp) or give you a phone call which:

  • tells you about a tax rebate or penalty
  • asks you for your personal or payment information

Next you need to report the call to the official HMRC phishing team.

Final thoughts

hang up like it’s 2004 and you have a flip phone

Now I come from a performing background where I was registered as self employed and very rarely had anything to do with the HMRC unless it was to fill out my self assessment form. The rest of the year I never thought about taxes or any money I needed to pay them. I have many friends in the same position as me and to be honest the knowledge of paying taxes isn’t something I’ve ever been taught. Being a performer you often live from job to job and money is tight, so to receive a call like this without my cybersecurity knowledge, I would be scared. Taxes aren’t a thing that we ever learnt at school and more likely than not, if you get a call from the government saying you owe them money you probably will think that you do. Unfortunately the criminals don’t care. They will target anyone and right now there are a lot of vulnerable people that will fall for this scam. So I ask you all to share this post and talk to your friends about this, spread the word and make sure when you answer that unknown number and that pre-recorded message starts to play you hang up like it’s 2004 and you have a flip phone.

M.

Links for HMRC phishing page & ActionFraud:

https://www.gov.uk/report-suspicious-emails-websites-phishing/report-hmrc-phishing-emails-texts-and-phone-call-scams

https://www.actionfraud.police.uk/

Password managers

What are they? Do I need one?

  • Are you using the same password for more than one application?
  • Would I find your password in the dictionary?
  • Do you forget your passwords easily and often have to reset them?

My guess is you answered yes to at least one of the above questions. If so, then you NEED a password manager!

Passwords are a vital part of our online identity; they’re the digital equivalent of a lock on a door which holds all of your personal information. This makes them a prime target for cyber criminals. There are a multitude of ways in which a hacker can crack your password, so it’s super important you have a vault of strong passwords for each site that you use. If a criminal cracks your password they can gain access to your social media, contacts, photos, videos, emails and finances.

I’ll go into detail of how criminals can crack your password in a later blog post, but all you need to know right now is if you have an easy password a criminal can crack it quicker than you can read this paragraph. Examples of easy to crack passwords include those that feature common words that you would find in a dictionary, personal information such as a birthday or passwords that are shorter than 8 characters long. Using large lists of stolen passwords bought off the dark web, cyber criminals can brute force their way into your lives and then use this to scam you.

The average user has around 100 passwords.

Nordpass 2020

What can I do to protect my passwords?

Well I’m glad you asked! This is where password managers come into play.

Password managers basically act as an online vault for you to store all your personal information including passwords, addresses and even bank details. They store your login information for all the websites you use and help you log into them automatically. In 2020 Nordpass reported that the average user has around 100 passwords. As technology advances, so does the list of passwords we have to remember for each new application and website we sign up for. Password managers encrypt your password database with one ‘master password’, meaning you only have to remember one password.

What are the benefits of using a password manager?

  • You don’t have to remember 100 passwords, just remember one master password.
  • They can auto fill extremely complicated passwords for you such as ‘9y6JlBYf8PiY’ instead of using ‘password123’.
  • They save time by auto filling not only your password but can also auto-fill your personal details in online forms (especially handy when online shopping).
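
The checklist and weak-password criteria above (reuse, dictionary words, birthday-style digits, fewer than 8 characters) can be checked mechanically, which is roughly what a password manager's audit feature does. The following is an added example, not code from this post or from any password manager; the word list, the sample vault and the function names `audit` and `generate` are constructed for illustration.

```python
import re
import secrets
import string
from collections import defaultdict

# Constructed sample data: a tiny stand-in word list and a made-up vault.
COMMON_WORDS = {"password", "dragon", "monkey", "football", "sunshine", "welcome"}
SAMPLE_VAULT = {
    "email": "password123",
    "shop": "password123",
    "bank": "Sunshine1990",
    "forum": "x7Q2",
    "social": "9y6JlBYf8PiY",
}

# A run of 6-8 digits (DDMMYY / DDMMYYYY style) or a 4-digit year starting 19 or 20.
DATE_LIKE = re.compile(r"\d{6,8}|(?:19|20)\d{2}")


def audit(vault, words=COMMON_WORDS, min_length=8):
    """Return {site: [reasons]} for every entry that is weak by the post's criteria."""
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)

    findings = {}
    for site, pw in vault.items():
        reasons = []
        if len(sites_by_password[pw]) > 1:
            reasons.append("reused")
        if len(pw) < min_length:
            reasons.append("short")
        if any(w in pw.lower() for w in words):
            reasons.append("dictionary word")
        if DATE_LIKE.search(pw):
            reasons.append("date-like digits")
        if reasons:
            findings[site] = reasons
    return findings


def generate(length=12, alphabet=string.ascii_letters + string.digits):
    """Random password from the OS CSPRNG, same shape as the post's '9y6JlBYf8PiY'."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for site, reasons in audit(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(reasons)} -> replace with {generate()}")
```
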

So which password manager should I use?

Many desktops and laptops have password managers which store your passwords locally on your device in an encrypted vault, however you can’t access these if you lose the device or if that device becomes compromised.

I would suggest using a cloud based password manager.

The main benefit of using a cloud based password manager is that you can access it from multiple devices. Many browsers such as Safari, Chrome and Edge all come with password managers installed in them. These are a great starting point for storing passwords.

I personally would recommend the use of LASTPASS. https://www.lastpass.com/

LastPass is a free to use password manager. With an easy-to-use dashboard with unlimited storage, LastPass remembers every password and syncs across all your devices for free. LastPass secures everything you need, from passwords to digital notes, addresses to financial information.

Free features include:

  • Secure password vault
  • Access on all devices
  • One-to-one sharing
  • Save and fill passwords
  • Password generator
  • Secure notes
  • Security challenge
  • Multifactor authentication
  • LastPass Authenticator

how it works
