Phishing email - The Book-keepers Forum (UK)

Jay · Senior Member

Phishing email

Cheshire · Master Book-keeper

Oh thats so funny!

Yet, also not so funny!

HMRC = amazing .......again.

So wish we could fine THEM every time they make an error - what is the percentage for careless error? biggrin

Leger · Master Book-keeper

Hi Joanne and Jay

I'm waiting to see if they implement GDPR!

Jay · Senior Member

The scamming has now escalated with over 100 locals ( Isle of Wight) receiving phone calls demanding money with threats of arrest.

The calls are from a "Bot" which recognises replies and responds accordingly.

They are also asking for payment by I-Tune vouchers, being untraceable.

They do not have any taxpayer details but the message is very convincing to supply your details to them to "verify" who they are talking to.

One client asked them to refer to us and the "automatic" rely was " Your Accountant knows nothing" ( mmmm bit harsh )

We have contacted all our clients and asked them to refer any calls from HMRC to us and cease the call.

BW

Jay

VinceH · Expert

There are examples on YouTube of where people have set up bots the other way around - to receive scam calls (or simply cold callers in some cases) and record the often entertaining calls that result.

I think it would be interesting (and informative for less clued up people who might otherwise fall for it) if someone could do the same for this scammy bot caller.

VinceH · Expert

On the subject of phishing emails, I had an interesting one today.

The email itself is fairly bog standard. It claims to have an invoice attached - a PDF file.

Now, normally I wouldn't recommend people do this - but it's very much a case of "do as I say, not as I do" because my set up is probably "a bit more safe and secure" than most, so...

Upon opening the "invoice" there's a company logo (as you might expect) then three elements containing a link:

The text "UNABLE TO VIEW ONLINE DOWNLOAD TO OPEN THE ATTACHED"
A graphic saying "DOWNLOAD PDF"
The text "This file is securely attached open with your professional email Credentials"

The link is badly set up - it lacks a protocol at the start, so clicking it attempts to load it locally (i.e. from the computer, instead of the web).

Copying and pasting the link into a browser now, nothing happens (I have to enable JS to see that my A/V software is blocking it - unfortunately, I'm coming back to this as an afterthought. Earlier, it threw up log-in request with logos for various mainstream email providers such as Microsoft's Outlook365, Gmail, and so on. The aim, obviously, to get the victim to input their log-in details.

As I said, nothing particularly special - fairly bog standard stuff.

However, what intrigues me is that it purports to come from one of my client's customers. (The from line is their accounts address, though the reply-to is entirely different.) The logo in the PDF is indeed that customer's - and looking at their website, the name used is indeed someone at the company.

It might be a coincidence, but the client in question does get scammy email attempts notably often, which fit a particular pattern: They tend to be "from" a director, asking the recipient either if they can set up a payment (with no details - expecting a reply and to follow-up with the details) or to set up a payment, with the necessary details. I've sometimes received these emails, sometimes it's others at the company.

This tends to happen when whichever director it claims to be from is away on holiday. Sometimes the scammers get it wrong - but the timing is right often enough I think it's someone who has some (incomplete) knowledge of the company, and the comings and goings, etc.

So this email claiming to come not just from a random company, but from a customer of the client is a bit too coincidental to me. I can't help but think it might be the same dodgy actor trying a new tactic.