‘You have received new messages from HMRC’ Scam Emails


Over the last couple of weeks we have noticed a number of our clients receiving emails purporting to be from HMRC, so we thought it an appropriate time to cover the subject in a blog post.

The emails themselves are clever, very convincing and difficult to block. Here are 3 reasons why you should be wary of this sort of email:

  1. They appear to come from HMRC. (Look at the email properties to see the actual sender, which is often disguised.)
  2. The content looks genuine as it is copied from legitimate HMRC emails.
  3. The payload is able to pass anti-virus (AV) scans because it is zipped, which makes it harder to detect. It contains no actual payload but tries to send the recipient to an infected site that contains malware. Some variations carry a zipped attachment that contains Report.zip, which in turn contains Tax Notices Report.exe.

Here at Ponticello, our email is scanned at the time it arrives at the online server, scanned a second time by a different AV product as it is collected, scanned a third time by a different AV product as it is delivered to our internal server and scanned a fourth time as it arrives at each PC. Even so, this particular HMRC scam is still arriving. It is very difficult to block this type of email because:

  1. The content is designed to look innocent.
  2. The sender is different for each email but the visible sender is always HMRC.
  3. We can’t block HMRC as a subject or as a sender.
  4. The content keeps morphing to avoid detection.
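
The two traits described in the lists above (a visible sender of HMRC on a different underlying address, and an executable inside a zip inside a zip) can be checked for directly. The Python below is an added example, not part of the original post; the expected domain, the extension list, the outer attachment name and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXPECTED_DOMAIN = "hmrc.gov.uk"       # assumption: domain treated as genuine HMRC
RISKY_EXT = (".exe", ".scr", ".js")   # assumption: illustrative, not exhaustive
MAX_DEPTH, MAX_BYTES = 3, 10_000_000  # limits on nested-archive unpacking

def risky_members(data, depth=0):
    """Names of risky files inside a zip, following zips nested inside it."""
    hits = []
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            # Bit 0 of flag_bits marks an encrypted member, which cannot be inspected.
            if name.endswith(RISKY_EXT) or info.flag_bits & 0x1:
                hits.append(info.filename)
            elif name.endswith(".zip") and info.file_size <= MAX_BYTES:
                hits += risky_members(zf.read(info), depth + 1)
    return hits

def check_message(raw):
    """Flag an HMRC display name on a non-HMRC address, and risky zip contents."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if "hmrc" in display.lower() and domain != EXPECTED_DOMAIN:
        findings.append(f"display name {display!r} but address is {addr}")
    for part in msg.iter_attachments():
        for name in risky_members(part.get_payload(decode=True) or b""):
            findings.append(f"{part.get_filename()} contains {name}")
    return findings

def build_sample():
    """Constructed message; harmless bytes stand in for the real attachment."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Tax Notices Report.exe", b"constructed placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Report.zip", inner.getvalue())
    m = EmailMessage()
    m["From"] = "HMRC <notice@mail.example.net>"  # constructed sender
    m.set_content("Constructed body text.")
    m.add_attachment(outer.getvalue(), maintype="application",
                     subtype="zip", filename="attachment.zip")
    return m.as_bytes()
```

Calling `check_message(build_sample())` returns one finding for the sender mismatch and one for the nested executable. An empty result is not proof that a message is genuine, since the From address itself can be forged.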

It is a widely publicised scam, as can be seen on the BBC and the Telegraph websites, but we would like to make sure everyone is aware of it. If you would like any more information, please don’t hesitate to contact us or view HMRC’s help pages on the topic!