An advanced HM Revenue and Customs (HMRC) tax rebate scam is targeting UK residents this week via text messages (SMS).
The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters.
Not only do the phishing pages mimic HMRC’s web interface meticulously, but they also have entire online banking workflows built into them, depending on who your banking provider is.
As observed by BleepingComputer, the smishing scam starts with a text message informing the recipient that they are eligible for a tax rebate as they had paid “emergency tax” this year.
Although this is a well-known lure for smishing, this campaign is concerning as it is sophisticated and employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters.
BleepingComputer discovered the campaign has entire sets of phishing sites mirrored from real websites of prominent UK high street banks to target their customers. The list includes Barclays, Clydesdale, Halifax, NatWest, HSBC UK, Metro Bank, Nationwide, Citi, Lloyds, TSB, Co-op, RBS, Santander, Tesco Bank, and Yorkshire Bank.
The extensive nature of this campaign and thoroughly built online banking workflows indicate this is a well-planned smishing project designed by skilled threat actors. New-school security awareness training can teach your employees how to avoid falling for smishing and other social engineering attacks.
With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/hmrc-smishing-tax-scam-targets-uk-banking-customers/
Request A Demo: Security Awareness Training
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one-and-done deal: continuous training and simulated phishing are both needed to mobilize users as your last line of defence. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW