VAT Return and Payment Overdue Scam Email

Why User Vigilance Is Important

Today we received a gentle reminder that no matter how hard we work to keep out cyber-threats, there is always a weak link to target in any business system: the users. This example concerns a VAT Return and Payment Overdue scam email which was received in the office today. The instant reaction was to jump to the conclusion that we had to do something quickly to avoid a penalty, which is just what the reprobate behind the email was hoping.

What To Look For

This is a warning about a VAT Return and Payment Overdue scam email, which may catch out the unwary. If you are a business owner or have responsibility for finance matters, please watch out for this innocent-looking communication.

[Image: VAT Return and Payment Overdue Email Scam]

How To Tell It Is A Scam Email

[Image: WhoIs Result]

If you hover the mouse over the sender, most good email systems will tell you the address you will be replying to. In this case you will not be surprised to learn that it is not from HM Revenue and Customs (HMRC) at all! It comes from a suspicious email address which is registered to someone called Denis. Denis apparently lives in Moscow, and is using the unlikely email address of info@hmrccustomersupport157.top.

When The Penny Drops

After a few laps of the office, looking for a quick solution, or a way to pass responsibility over to someone else, the recipient had the good sense to check up via the HMRC website. The information on the site, which is linked below, made him think twice. Fortunately, he reported the matter to Information Security before clicking on and opening the email attachment.

Cost of the VAT Return and Payment Overdue Scam

In our case, the cost of this particular email scam was trivial. It mostly involved additional wear and tear on the carpet and some lost productivity. According to an anonymous source in finance, there was also some lost paint from the ceiling. It could have been much more costly if the user had opened the attachment and did not have up-to-date antivirus.

While HMRC may send you an email if you are overdue with VAT payments, they will use the normal contact email address, and will recommend that customers pay online to avoid further action. These emails will never ask you to provide personal or financial information. You won’t be able to reply to the emails, which will be sent from no.reply@advice.hmrc.gsi.gov.uk.
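The sender check described under "How To Tell It Is A Scam Email", combined with the genuine sender address given above, can be automated for reported messages. The following Python sketch is an added example, not part of the original post; the brand keywords, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: only the sender domain the article names is treated as genuine.
TRUSTED_SUFFIXES = ("advice.hmrc.gsi.gov.uk",)
# Assumption: strings that suggest a message is posing as HMRC.
BRAND_TOKENS = ("hmrc", "hm revenue", "revenue and customs")

def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".")

def domain_is_trusted(domain):
    return any(domain == s or domain.endswith("." + s) for s in TRUSTED_SUFFIXES)

def check_sender(raw_message):
    """Return findings for one raw message; an empty list means nothing flagged.

    The From header is set by the sender, so a clean result is not proof
    that a message is genuine; a finding is a reason to report it.
    """
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = _domain(msg.get("From"))
    findings = []
    claims_hmrc = any(t in display.lower() or t in from_domain for t in BRAND_TOKENS)
    if claims_hmrc and not domain_is_trusted(from_domain):
        findings.append(f"claims to be HMRC but is sent from {from_domain}")
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"replies go to a different domain: {reply_domain}")
    return findings

# Constructed sample messages; the scam address is the one quoted in this post.
SCAM = (
    'From: "HM Revenue & Customs" <info@hmrccustomersupport157.top>\n'
    "Subject: VAT Return and Payment Overdue\n\nPlease see the attachment.\n"
)
GENUINE = (
    "From: HMRC <no.reply@advice.hmrc.gsi.gov.uk>\n"
    "Subject: VAT reminder\n\nPay online to avoid further action.\n"
)

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("genuine", GENUINE)):
        print(name, check_sender(raw) or "nothing flagged")
```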

In Conclusion

This VAT Return and Payment Overdue scam email has been timed to catch the unwary by being the right date, but a month early. Let people know that they should ignore the call to act immediately, and instead report the matter to IT security. Even if there is no malicious payload in the attachment, scam emails like this can disrupt the flow of energy in a business and ultimately cost money.

The Upside

On the upside, this scam is an early reminder that our VAT return has to be completed at the end of this month, so I might go and give the finance team a gentle reminder!

Further Information

For authoritative information about when your VAT return is due, see www.gov.uk/vat-returns/deadlines

To report instances of this email scam, forward the suspicious emails to the HMRC phishing team at: phishing@hmrc.gsi.gov.uk

Another Email Hoax To Avoid

Another one of those pesky email hoaxes popped into our in-box today. It was the Simon Ashton hoax, with the warning forwarded by a well-meaning friend. As we tell all our staff, colleagues, customers and friends, the email hoax works because people think “better safe than sorry”.

The amount of email that a typical hoax can generate is a major cost to organisations. Just think of a company with 60 employees; if each person takes a minute to read a hoax virus email, that will cost an hour of lost productivity. Then if half of them spend a couple of minutes forwarding it to their friends, that is another hour lost! Once a few people in your company have received a warning and mailed it to all their friends and colleagues, a mail overload can easily result.

We support the advice that companies should consider circulating a policy on virus hoaxes to all their staff, in an attempt to avoid the costs involved.

For a sample anti-hoax virus policy, see Sophos – Don’t fall for a virus hoax