Security challenges

Hear from our experts on the latest threats and & to prevent them

Egress Blue Yellow 1920X253

HMRC and payroll phishing emails increase by 317% ahead of tax deadline

March 30th 2022

With the end of the UK tax year approaching, Egress researchers have detected a sharp rise in phishing scams impersonating UK tax authority HMRC and payroll software providers. Cybercriminals are taking advantage of the deadline to manipulate their victims into downloading malicious attachments. Egress VP of Threat Intelligence Jack Chapman shares his advice on how to avoid falling for a phishing attack.

Jack Chapman, VP of Threat Intelligence at Egress, explains, "We’ve seen a 317% increase in phishing scams impersonating HMRC and payroll software companies, like Xero, as cybercriminals take advantage of the end of the UK tax year. The hackers are sending out mass emails, using spoofed display names so that the email appears to be from HMRC. Individuals should take extreme caution when reading notification emails that request them to click on a hyperlink or download any attachments, as these can contain dangerous malware. HMRC do not email anyone regarding tax returns, refunds or rebates. You can find further advice regarding HMRC phishing impersonations on their website.”

You might also be interested in ...

LinkedIn phishing attacks up 232% in February

The attacks we have seen are bypassing traditional email security defenses to be delivered into people’s inboxes. Without technology deployed within the mailbox to help them detect attacks, it can be difficult for individuals to avoid falling victim. You can see in the screengrabs provided that Egress Defend has alerted the recipient to the attack within their inbox. 

Deepfake phishing: Should we be concerned?

We're expecting deepfakes to become a growing trend in phishing attacks. Here's what you need to know.

The Trouble With DMARC

The growing response by mainly large organisations is to turn DMARC. (Domain-based Message Authentication, Reporting, and Conformance), an open standard that can help prevent phishing attacks.