David Emm, principal security researcher, Kaspersky Lab
David Emm, principal security researcher, Kaspersky Lab

Many businesses and consumers are on high alert for tax-fraud scams during the first quarter of the year. Whilst most people work hard to get their tax returns filed by the April deadline, another group of people are working hard to deliberately separate taxpayers from their refunds. 

Fraud is an ever-growing issue for companies, as cyber-criminals continually exploit new ways to undermine defence systems. It can seem like a never-ending battle but combating fraud is crucial for businesses to maintain a strong reputation among consumers. 

What's more, recent ONS figures show that online fraud is now the most common crime in the UK, with almost one in 10 people falling victim. These stats demonstrate how cyber-criminals operating in this field are shifting tactics and techniques to capitalise on risks within the sector to great effect. 

As online fraud continues to grow, there are various types of scams, which can take place, and it's important for consumers and businesses alike to be aware of the threats.  

Phishing emails 

Many people now do their taxes online, and cyber-criminals are seeing this as a huge opportunity for phishing schemes. Take the recent HMRC email scam which sends fake emails asking the recipient to create a "government gateway account" to access information about their tax refunds, and subsequently requests personal banking details. 

Phishing emails are the attempt to entice you into providing sensitive information by pretending to be a legitimate organisation (eg HMRC). Phishing is a popular way for fraudsters to target people over the Internet, because web browsing has become safer, making it harder for cyber-criminals to propagate their malware through infected web pages. 

The tax season has become a treasure trove of sensitive personal information and financial data, which cyber-criminals now see as a quick earning opportunity given that taxpayers are often overwhelmed by the complexity of filing their taxes.  

Multi-channel attacks 

As more and more people become aware of phishing emails, this has left cyber-criminals using all available means to contact potential victims, whether that be text messages, advertising or social networks. 

More commonly, fraudsters often trick people into giving out information over the phone, which they then use to access an account directly or to send credible-looking phishing emails. 

Take for example, the recent phone scam in which you receive a call from a local number, where the scammers ask “Can you hear me?”. Responses are then recorded, and if you answer” Yes”, this is edited to appear as if you have agreed to a purchase. Another example is the investment scam, which took place earlier this year, in which a fraudulent company used aggressive sales tactics over the phone with elderly and vulnerable people, to convince them to invest. One victim was convinced to pay a huge £700,000 to the tricksters. 

Apps and messaging 

We now live in a digital-first world and will continue to see consumers turning to online channels, apps and connected devices. Fraudsters have also turned their attention to these platforms enabling cyber-criminals access to personal information, which they can secretly extract and exploit. 

recent survey by LexisNexis Risk Solution uncovered the fact that 54 percent of UK millennials are worried about their identity being stolen through app-based activities. The rise of financial scams was also put down to the app boom, opening up these platforms as further avenues for financial fraud. 

Creating resiliency around cyber-security is neither a seasonal nor a one-time activity. Businesses and consumers alike need to ensure that they are suitably protected when it comes to managing their tax affairs. We continually hear about the variation and complexity of scams, and unfortunately, much like ransomware, some victims give up their hard-earned cash to these criminals.

Contributed by David Emm, principal security researcher, Kaspersky Lab

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.