Category: Phishing

HMRC Arrest Warrant Scam

Many scammers impersonate HMRC by phone, text or email, claiming you owe unpaid tax and must pay it immediately.

This newer version of the scam combines automated calling systems, spoofed ("cloned") caller ID numbers and a call centre staffed by criminals.

For example, you receive an automated call (or find a recorded message on your answerphone).

The message states that an arrest warrant has been issued in your name and that you should press "1" to speak to the case officer, or it directs you to call a specific number.

If you press "1" or call the number, you are put through to a call centre of scammers and pressured to make an immediate payment to avoid being arrested.

The payment demanded is usually iTunes gift vouchers. This may seem an odd choice, but once you have bought them you only need to read the voucher codes over the phone and the criminals can redeem or resell them straight away. Unlike a bank transfer, a voucher code is effectively cash: it is very hard to trace and cannot be reversed.

Obviously HMRC does not accept payment in vouchers, so this alone should warn any potential victim, but some people pay up without stopping to think or check.

The caller's number is usually displayed on the victim's phone as 0300 200 3300, which is HMRC's official number. On phones that match incoming numbers against saved contacts or a caller directory, "HMRC" appears on the screen as if that were the genuine caller.

However, while the number appears to be genuine, the call is in fact from fraudsters looking to trick unsuspecting victims out of their money. Caller ID is supplied by the calling party and can be set to any value, so a familiar number on the screen is no evidence of who is actually calling.

Don't assume that anyone who contacts you is who they say they are. If an email, phone call or text message asks you to make a payment, log in to an online account or offers you a deal, verify whether it is real before acting, and do so using a contact number or address you have looked up independently, not one supplied in the message.

How to Stay Safe Against These Scams

  1. Recognise the signs – genuine organisations, such as banks and HMRC, will never contact you out of the blue to ask for your PIN, password or bank details, and will never demand payment in vouchers
  2. Do not give out private information, reply to text messages, download attachments or click on links in emails you weren't expecting
  3. Forward suspicious emails claiming to be from HMRC to HMRC's phishing reporting address and suspicious texts to 60599, or report suspicious calls to Action Fraud on 0300 123 2040 or through its online fraud reporting tool


Fightback Ninja Signature

A Story of Cat Phishing

Thomas Brewster of Forbes published the story of how hackers cat-phished (catfished) a Deloitte employee.

An employee at Deloitte, one of the Big Four accounting firms, fell victim to a fake Facebook account in late 2016. The attack, believed to have been carried out by Iranian state-sponsored operators, occurred around the same time as a separate breach that affected Deloitte's data.

Mia Ash is a fictional woman created by the hacker crew known as OilRig, which the cybersecurity firm SecureWorks believes is sponsored by the Iranian regime. In July 2016, Mia's controllers targeted a Deloitte cybersecurity employee, engaging him through the social network in conversations about his job. As the online relationship grew, the employee offered to help his new friend Mia set up a website for her supposed business. Eventually, the controller behind Mia exploited the rapport to persuade the Deloitte employee to open a malicious document, sent by Mia, on his work computer. Although that particular malware is not believed to have infected the wider company network, according to the sources, the episode illustrates how effectively the controllers gained the employee's trust.

The Mia Ash persona was built on the photos and profile information of a real woman from Romania, Cristina Mattei. With alluring images and active avatars across Facebook, WhatsApp and LinkedIn, Mia was a convincing fraud, described previously by SecureWorks cybersecurity researcher Allison Wikoff as one of the most developed fake personas she’d ever seen.

Mia was convincing enough to gain the internet friendship of the cybersecurity professional and, after months of messaging, persuaded him to open a file on his work laptop that supposedly contained some of her photos. Fortunately for Deloitte, the malware inside (a tool dubbed PupyRAT, designed to steal credentials for corporate systems) never made it onto the company network.

To Deloitte's credit, its cybersecurity protections stopped the malware from reaching its network. The lesson, though, is that the human control failed: a security professional opened an unsolicited attachment from a social-media contact on a work device, and only the technical controls behind him prevented a compromise.

An attack like this takes a lot of time to prepare and execute, and the attacker must believe there is something of sufficient value to be gained to make the effort worthwhile. A months-long fake relationship is not aimed at the general public; it is aimed at a specific person whose access is worth having, which is why staff with privileged access should treat approaches from new online contacts with particular suspicion.
