Scammers and fraudsters are looking for new ways to get money and data out of unsuspecting businesses.
The latest wave of compliance changes made to Companies House and HM Revenue and Customs have resulted in businesses being confused about what is expected of them.
Sensing an opportunity, the scammers have sought to take advantage of the situation and trick people out of sensitive data.
We are going to break down a recent scam and show you how to stay safe.
Businesses are reporting receiving letters that seem to be from HMRC but are part of a scam aimed at tricking businesses into divulging sensitive data.
The high quality of the letters is leading to many people being fooled.
These scams are not the typical declarations that you have won a prize in a context you never entered, but are far more sinister.
As HMRC have tightened their compliance procedures, many businesses are anxious to stay compliant and will give out any information they are asked for to anyone who asks for it.
These letters are from a fictitious “Indv and Small Business Compliance” team and state they are in line with a “recent government initiative aimed at verifying declared income.”
New verification measures have been implemented by Companies House, so any confusion is understandable.
The letter informs recipients to verify their financial information through email before requesting:
No matter what changes, HMRC will never request information this way.
Reputable businesses make their filings with Companies House and HMRC regularly and not in response to ad hoc requests for information.
While there is a greater need for verification, this too will be done through more standard measures and not using a bizarre email address.
The email address in the letter was the biggest indicator that it was a scam.
The email address is a “.org” address, which, while normally carrying some weight from typical organisations, is entirely invalid for a government agency.
HMRC email addresses will have the “@hmrc.gov.uk” address to signify their authenticity.
Businesses need to be wary of any requests for information and never send anything to an untrusted address.
Contacting HMRC is always an option if you have even the slightest doubt about the authenticity of a request.
If you receive a fake letter, then be sure to report it to HMRC’s dedicated phishing inbox.
Scammers are hoping you will give them your data so they can take your money and ruin your business.
Never be too quick to reply to letters or emails, especially if they are marked as “urgent”.
You and your team should be undergoing regular cybersecurity training to learn more about spotting scams and dealing with them effectively.
Double-checking any correspondence is a core part of mitigating phishing and minimising the risk of data fraud.
You deserve to be safe when doing business, so stay vigilant for scams.
We will provide you with up-to-date information on compliance changes so that you can stay well informed and be less vulnerable to scammers.
For more help and guidance, speak to our team today.
