skip to Main Content

At The Identity Organisation, we're here to help!

If you have any questions, just contact us by mail or phone and a member of our team will be in contact with you.

Contact Us Anytime

Our ears and inbox are always open (or at least Monday-Friday, from 9am-5pm).

Mercury House
19-21 Chapel Street, Marlow,
Bucks, SL7 2HN

+44 (0) 1628 308038

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038

    HMRC smishing tax scam targets UK banking customers

    Smishing Scam

    An advanced HM Revenue and Customs (HMRC) tax rebate scam is targeting UK residents this week via text messages (SMS).

    The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters.

    Not only do the phishing pages mimic HMRC’s web interface meticulously, but they also have entire online banking workflows built into them, depending on who your banking provider is. 

    As observed by BleepingComputer, the smishing scam starts with a text message informing the recipient that they are eligible for a tax rebate as they had paid “emergency tax” this year.

    Although this is a well know lure for smishing, this campaign is concerning as it is sophisticated and employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters.

    BleepingComputer discovered the campaign has entire sets of phishing sites mirrored from real websites of prominent UK high street banks to target their customers. The list includes Barclays, Clydesdale, Halifax, NatWest, HSBC UK, Metro Bank, Nationwide, Citi, Lloyd’s, TSB, Co-op, RBS, Santander, Tesco Bank, and Yorkshire Bank.

    The extensive nature of this campaign and thoroughly built online banking workflows indicate this is a well-planned smishing project designed by skilled threat actors. New-school security awareness training can teach your employees how to avoid falling for smishing and other social engineering attacks.

    With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here:

    Request A Demo: Security Awareness Training


    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defence. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

    Back To Top