Skip to main content

Re-opening businesses at risk of cyber attacks

Thousands of businesses re-opening in the UK could be at risk of cyber-attacks, says David Hough.

We have all sorts of evidence that the threat from cyber criminals is rife and that they will taking advantage of re-opening businesses where they can.

Businesses need to be as savvy as they can as they go back to work and get their systems up and running. Many have reported numerous phishing emails ranging from e-mails telling taxpayers they can claim tax refunds to help protect themselves from the Coronavirus outbreak to emails which state that someone is eligible for a tax refund and then ask you to click on a link or visit a particular website in order to make your claim.

Calvin Gan, manager of the Tactical Defence Unit at F-Secure, a world-wide cyber security firm, said: “Businesses are right to assume that there will be additional security risks as companies go back to the office or go back to work. Effective cybersecurity defence should be turned into a real-time, proactive, and adaptable process instead of a reactive one. Without this, we would expect to see companies shifting their cyber security posture ad-hoc or in a hasty manner when a need arises again. We already saw this as companies had to adapt to having remote workforces. Now is the time to get ahead of the game.

“Account accesses, policy and security procedure changes made to accommodate remote work should be reassessed and readjusted periodically to determine if they are still relevant.

“It’s an important reminder that that these actions and risk assessments are by no means a guaranteed way to expect 100% security. The consensus is to have organisations make risk-informed decisions that help them to be more resilient during this time of fast pace and constant changes.”

Cyber criminals will be looking to attack businesses from every angle and will be looking for weaknesses in not only the technology that they use but also the way in which they operate, especially those companies that suspended operations for a period. People will be under pressure when they get back to work to get the business going and to start generating revenue, but they need to make sure that they don’t compromise their situation by rushing and not taking the necessary steps.

It’s not just phishing attacks, systems could have been hacked while staff were furloughed ready to be exploited when individuals return to work, and it is important that software security is up-to-date and that subscriptions to those have been paid on time. Businesses also need to make sure their normal control procedures are adhered to and not compromised due to individuals not attending their normal place of work. Criminals will be looking hard to see how they can take advantage of the current situation.

Calvin Gan said: “Businesses should always be alert to possible attacks. Phishing is an ongoing issue regardless, but there is still the threat of ransomware targeting organisations through loopholes outside of the email vector. For example, servers and ports can be left unintentionally open to the internet and therefore are open to attack. Cyber criminals often rely on businesses not knowing their entire IT estate and these access points. Now is a good time to map the entire IT infrastructure to find these holes.

“Malware disguised as a popular app or software will continue to be an issue. It is imperative that staff are only allowed to download and install these from legitimate sources, like Google Play, App Store or directly from a vendor website. It is better if these approved software and apps are distributed through a centralised system managed by IT.

“Physical security devices like CCTV and biometric scanners which are used to protect the office should be monitored and checked more closely than before for anomalies and tampering.

“What is normal network activity for a remote workforce may not be when they are ensconced back in the office. Whether a business has in-house or outsourced security operations, there is now a need to retrain the team to spot ‘new’ suspicious behaviours and how to take necessary action.”

Whilst the digital era has already witnessed a wide variety of scams, the outbreak of Coronavirus has led to a sharp increase in the number of ways individuals are being contacted by fraudsters who represent themselves as HM Revenue & Customs (HMRC) officials. We set out below a range of examples of the types of scam in circulation, with advice on how to recognise them and avoid being taken in.

Coronavirus-specific scams:

  • Emails telling taxpayers they can claim tax refunds to help protect themselves from the Coronavirus outbreak
  • Text messages telling taxpayers they can claim a goodwill payment from HMRC
  • Text messages imposing a fine for leaving the house more than once.

Neither the HMRC specifically, nor Government more widely, communicates with individuals either by email or by SMS, unless you have signed up to the relevant protocol with them. Certainly, payments that can be claimed by taxpayers or fines that can be imposed are not dealt with in this way. However, fraudsters may change the ‘display name’ on their email address to make it appear genuine.

Tax refund and rebate scams:

Although these scams have been around much longer, it is worth a reminder to be wary and to reiterate that HMRC does not use these forms of communication to notify taxpayers of refunds. These scams could be in the form of:

  • emails which state that you are eligible for a refund and ask you to click on a link or visit a particular website in order to make your claim
  • text messages claiming to be from HMRC offering you a tax refund if you provide personal or financial details
  • WhatsApp messages or social media messages.

How to handle these scam messages

If you receive one of these messages:

  • Do not reply to these emails, texts, WhatsApp or social media messages
  • Do not call the phone number listed in an email or text
  • Do not click on any links or open any attachments in emails
  • Do not provide any personal or financial details
  • If in doubt about whether an email or text is genuine, click on/hover over the ‘display name’ email address from which you have received the email. This will show you the full details of the sender and will make it clear whether the email is from a genuine Government or HMRC source
  • If you are still unsure, forward it to HMRC and then delete it. If you are in doubt about the source of one of these messages, forward it to HMRC. You can do this via email at or via text at 60599 (network charges apply) and then delete it.

Phone calls threatening legal action

Taxpayers have also received calls stating that they owe significant amounts of tax and that unless they press 1 to speak to a caseworker and make a payment immediately, legal action will be taken against them. HMRC do not make such calls.

If you receive such a call, disconnect immediately and report it to HMRC at including details of the date of the call, the phone number used and the call content.

Finally, be aware that if you receive an offer from a company to apply to HMRC for a tax rebate on your behalf, they are not connected with HMRC in any way. They will normally charge a fee which could be sizeable.

Always read the disclaimers and small print before using this kind of service.

Businesses and individuals now have to be on their guard as we come out of lockdown and gradually get back to work. The Government’s ‘Stay Alert’ statement is just as relevant to keeping us safe from an IT perspective as it is to one of health.

Attacks can come from any quarter to our PC’s, laptops, smart phones and via emails and texts. We have to be really vigilant to protect both ourselves and our businesses.

Would you like to know more?

If you would like to discuss any of the above guidance, please speak with your usual Blick Rothenberg contact.

For any press queries, please contact David Barzilay whose details are to the right.

Check the impact of the Spring Budget Statement with our Tax Calculator Visit our Spring Budget Hub