All email users across the UK have been warned about a dangerous new scam that could end up costing them money. The UK Government has just issued a new alert about a bogus email that cyber criminals are spreading where they pose as Her Majesty’s Revenue and Customs (HMRC). The recipient is told that HMRC has detected a ‘failed direct debit’ and to fix this issue they need to send across some information.
But this is all just part of an elaborate con to steal sensitive data from unsuspecting Gmail, Hotmail and Outlook users.
Details that are at risk as part of the scam include personal and financial information. Clearly, if online crooks get hold of these banking details it could lead to a victim being left seriously out of pocket.
Alerting email users to the threat, the official HMRC Twitter account posted: “We’ve picked up a new scam where criminals email people a fake ‘failed direct debit’ alert, pretending to be from HMRC, to steal their personal and financial details.
“This is a SCAM”.
Anyone who receives this message in their Gmail, Outlook or Hotmail account is advised to report it to the Government.
You can report suspicious emails in a number of different ways including forwarding them to the address [email protected]
Advising people on how to report a suspicious email – and how to spot one – the Government urges: “To help us deal with your email as quickly as possible, you should give details of what you’re reporting in the subject line (for example ‘Suspicious email address’).
“HMRC will never send notifications of a tax rebate or ask you to disclose personal or payment information by email.
“We may share your email address and phone number with other organisations to close down the scam.”
Besides requests to send across personal or financial information, there are other tell-tale signs to spotting a scam message – whether that’s over email or text.
This includes odd spellings or typos, as official correspondences from major organisations shouldn’t have these errors, any urgent messages that try to strike fear and telling people to act quickly, or anything suspicious about where the message came from.
For instance, if you receive a text message from a big name company it should invariably have the company’s name as the sender – instead of a number – even if this is the first time you’re hearing from the firm.
While if it’s an official email from a big name company the sender’s email address should be linked to the official domain of the organisation in question, not tied to a Gmail or Hotmail account for instance or featuring any garbled text in it.