Please don’t fall for these surprisingly bad phishing scam emails

January 30, 2020 TH Author

There’s a new wave of phishing scams, hoping to trick the unwary into handing over their credit card details or passwords. Fortunately, although some are worryingly convincing, others are surprisingly poor.

Cybersecurity company Mimecast has spotted an uptick in scams using the promise of tax refunds as a way to entice people into giving up private information including their name, address, phone number and card details.

The increase in scams is probably timed to coincide with the 31 January deadline for filing self-assessment tax returns with HMRC in the UK. Around 12 million people in the UK are required to fill out a self-assessment tax return this year, so these scams can seem like a tempting proposition.

“Many people see this process as an annual headache and this pressure can make them even more susceptible to these sorts of scams,” Mimecast said.

Fortunately, many of these scams have stylistic oddities and grammatical howlers that should put careful readers on their guard. Spelling mistakes, names for government agencies that don’t sound quite right, and other formatting problems should set alarm bells ringing. Another warning sign is that they come from obviously non-official email addresses. However, other scams are much harder to distinguish from the real thing and effectively mimic the look-and-feel of the tax authorities.

Whether they are good or bad quality attacks, “unfortunately, attacks like these do work and that’s why they continue to grow in popularity,” said Carl Wearn, head of e-crime at Mimecast.

“Any unexpected communication from an organisation asking for these details is almost certainly going to be a criminal attempt to steal your credentials via a seemingly genuine website. For any site where you must use your login credentials, it’s imperative that you navigate these websites using your browser,” he said.