top of page

Membership is FREE so join today to receive your welcome pack and access to all of our cyber security advice and resources.

Want to improve your cyber resilience?

Beware of the Latest HMRC Scam on iPhones


HMRC Letter with Scam Alert Logo
HMRC Scam Alert

We wanted to share some important information about a new scam targeting iPhone users via Apple’s iMessage. These messages claim you’re eligible for a tax refund from HMRC and directs you to a fake website. It’s a bit tricky because these messages are hard to block or report.


How the Scam Works

Criminals are using compromised accounts to send these messages, making them look legit. These accounts are often bought on the dark web and altered to appear like official government accounts so they will contain the words ‘GOV’ and ‘HMRC’. Unfortunately, it is a really simple process to change the display name in iMessage and criminals know this.


Protect Yourself

Verify the Source: Don’t trust the display name alone. Always double-check through official channels. Just because the title reads ‘GOVUK’ does not mean it has come from HMRC or another official source.


Avoid Clicking Links

If you get an unexpected message, don’t click any links. Instead, visit the official website directly. Always check the official site or contact and never through a link or telephone number on the text.


How to Report the Scam

If you get a scam message, here’s what you can do:


Do not respond or click any links.


Forward the message to 7726 (SPAM). This allows teams at the National Cyber Security Centre (NCSC) to run checks on the scam and in lots of cases take down and stop the criminals from producing this sort of scam. Once you have done that simply block the number it has come from and delete the message.


If you are unable to forward the message, then don’t panic. Again, simply block the number and delete the message off your device. Most official government agencies will have another way of reporting scams as well as 7726. So, if you want to help your community you can always still report it on their official sites.


Stay vigilant!

Be cautious of messages that promise money or demand quick action. Always verify through official means and avoid suspicious links to keep yourself safe from scams.


If you would like to know more about ‘phishing scams’ and see and understand some real-world examples the team has created a brand-new presentation called ‘It’s emotional, Baby’. We take a deep dive into some of the traps and tricks used by criminals to get you to click that link, especially the emotional factors that they play on. If you would like us to present this to maybe your team, conference or networking event then please drop us a line at hello@swcrc.co.uk and we can work together to build a safer digital future for everyone.




Comments


bottom of page