Keeping on top of scams, fraud and cyber crime

With HMRC warning about new scams targeting personal data or money transfers, the government has unveiled a plan to tackle financial scams and frauds which have become increasingly difficult to spot. Following a recent serious ransom attack that targeted the payroll data of several major organisations, keeping up with alerts and taking care of your data is more important than ever.

One recent HMRC scam consists of text messages claiming that the recipient’s national insurance number has been used in a fraud. Others promise tax rebates. Tax credit claimants are being particularly targeted at the moment, with tens of thousands of fake websites purporting to give information about tax credits. HMRC has alerted claimants to be wary of scam communications that falsely appear to come from HMRC. Typical scams include:

• emails or texts claiming an individual’s details are not up to date and that they risk losing out on payments they are due;
• emails or texts claiming that a direct debit payment has not ‘gone through’;
• phone calls threatening arrest if people do not immediately pay fake tax owed;
• emails or texts offering spurious tax rebates or bogus grants or support.

Other criminals have stolen personal data of employees of several large companies through a cyber attack on third-party payroll and human resources software. The data lost includes national insurance numbers, dates of birth, home addresses and bank details. The attack highlights the difficulty any organisation has in ensuring that suppliers providing critical services are cyber secure. Companies that outsource their payroll or any other sensitive operations should encrypt any data being transferred, and apply password protection with the password provided separately.

Anti-fraud plans

The government has recently unveiled a strategy for tackling scam texts, emails, phone calls and adverts, which, it says, now make up 40% of all crime. Among the proposals are:

• A new National Fraud Squad (NFS), with over 400 specialist investigators, will pursue “the most sophisticated and harmful fraudsters” and fraud will be made a priority for the police.
• Cold calling on all financial products will be banned and criminals will be prevented from being able to send scam texts in bulk.
• It will be harder for fraudsters to ‘spoof’ UK phone numbers to make it look like they are calling from a legitimate business.
• Reporting scams will be made easier.

Companies that outsource their payroll or any other sensitive operations should encrypt any data being transferred, and apply password protection with the password provided separately.

However there is much that individuals and businesses can do to protect themselves against fraud. One way of spotting an email scam is to examine the sender’s email address. For example, genuine government emails will always come from a gov.uk email address. Messages from banks and other financial organisations will never request passwords and other personal information. Don’t follow links in emails or texts.

Working from home is another risk area. Ideally, to minimise leaks of sensitive data, staff working out of the office should only do so within office-based computer systems and, ideally, using corporate computers and phones, although this inevitably comes at a cost. Personal WhatsApp and email accounts should not be used for work, and vice versa. Passwords must be secure and changed regularly. Businesses should consider using professional help to review their ways of working.