HMRC ‘Pending Payment’ Text Message Phishing Scam

Photo of author

Written by: Stelian Pilici

Published on:

Scams have become an unfortunate reality in our digital age, with cybercriminals constantly devising new ways to deceive unsuspecting individuals. One such scam that has been on the rise is the HMRC ‘Pending Payment’ text message phishing scam. This scam targets individuals by impersonating the UK’s tax authority, HM Revenue and Customs (HMRC), and aims to trick them into revealing sensitive personal and financial information. In this article, we will delve into the details of this scam, how it works, what to do if you have fallen victim, and provide valuable insights to help you stay safe online.

Scams

What is the HMRC ‘Pending Payment’ Text Message Phishing Scam?

The HMRC ‘Pending Payment’ text message phishing scam is a fraudulent scheme that attempts to trick individuals into believing they owe money to HMRC. The scammers send text messages to potential victims, claiming that they have an outstanding tax payment that needs to be settled urgently. The messages often include a link that directs the recipient to a fake website designed to look like the official HMRC website.

Once on the fake website, victims are prompted to enter their personal and financial information, such as their full name, address, date of birth, bank account details, and even their National Insurance number. The scammers then use this information for identity theft, financial fraud, or sell it on the dark web to other cybercriminals.

How Does the Scam Work?

The HMRC ‘Pending Payment’ text message phishing scam typically follows a specific pattern. Here is a step-by-step breakdown of how the scam works:

  1. The scammer sends a text message to the potential victim, claiming to be from HMRC and stating that they have an outstanding tax payment.
  2. The message creates a sense of urgency and fear by stating that failure to pay the outstanding amount will result in legal consequences, such as fines or even imprisonment.
  3. The text message includes a link that directs the recipient to a fake website designed to look like the official HMRC website.
  4. Once on the fake website, victims are prompted to enter their personal and financial information.
  5. The scammers may also use scare tactics, such as threatening phone calls or additional text messages, to pressure the victim into providing their information.
  6. After the victim submits their information, the scammers gain access to their sensitive data and can use it for various fraudulent activities.

What to Do If You Have Fallen Victim?

Discovering that you have fallen victim to a scam can be distressing, but it is important to take immediate action to minimize the potential damage. If you have fallen victim to the HMRC ‘Pending Payment’ text message phishing scam, here are the steps you should take:

  1. Contact your bank: Inform your bank about the situation and provide them with all the relevant details. They can help you monitor your accounts for any suspicious activity and take necessary measures to protect your finances.
  2. Change your passwords: Change the passwords for all your online accounts, especially those related to your finances. Use strong, unique passwords that are difficult to guess.
  3. Report the scam: Report the scam to HMRC by forwarding the fraudulent text message to 60599 (charged at your network rate). You can also report it to Action Fraud, the UK’s national fraud and cybercrime reporting center.
  4. Monitor your credit: Keep a close eye on your credit reports and consider placing a fraud alert or credit freeze on your accounts to prevent any unauthorized access.
  5. Scan your devices: Run a thorough scan of your devices using reputable antivirus or anti-malware software, such as Malwarebytes Free, to ensure that no malware or keyloggers have been installed.

Technical Details of the Scam

The HMRC ‘Pending Payment’ text message phishing scam relies on social engineering techniques to deceive its victims. The scammers often use spoofed phone numbers to make it appear as if the text message is coming from HMRC. They also create fake websites that closely resemble the official HMRC website, using similar logos, colors, and layout to trick victims into believing they are on a legitimate platform.

Furthermore, the scammers employ psychological tactics to create a sense of urgency and fear in their victims. By threatening legal consequences and using scare tactics, they manipulate individuals into providing their personal and financial information without thinking twice.

Statistics on HMRC Phishing Scams

Phishing scams targeting HMRC have been on the rise in recent years, with cybercriminals exploiting the fear and anxiety associated with tax payments. Here are some statistics that shed light on the prevalence of HMRC phishing scams:

  • In 2020, HMRC received reports of over 846,000 phishing emails, text messages, and phone calls.
  • Between April 2020 and March 2021, HMRC took down more than 1,000 fake websites related to tax scams.
  • According to Action Fraud, victims of HMRC scams lost a total of £2.4 million in the 2020/2021 financial year.

Summary

The HMRC ‘Pending Payment’ text message phishing scam is a fraudulent scheme that aims to deceive individuals into revealing their personal and financial information. By impersonating HMRC and creating a sense of urgency, scammers trick victims into visiting fake websites and providing their sensitive data. If you have fallen victim to this scam, it is crucial to take immediate action by contacting your bank, changing your passwords, reporting the scam, monitoring your credit, and scanning your devices for malware.

Remember to stay vigilant and skeptical of unsolicited messages or calls claiming to be from HMRC. Always verify the authenticity of such communications through official channels before taking any action. By staying informed and taking necessary precautions, you can protect yourself from falling victim to scams and keep your personal information secure.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

‘Win a Brand New Ford Raptor’ Facebook Scam

Next

‘Non-Resident Clearance Form’ Advance Fee Scam