What is it?
You’re convinced to make a payment or give your business’ financial details to someone claiming to be from an organisation you trust. This could include paying a fake HMRC bill or providing your business’s bank details to “your bank”.
Often these scams begin with a call, email or text message that appears to be from a trusted organisation. Criminals use a tactic called spoofing to make their call or text message appear genuine by cloning the number or sender ID which the organisation uses.
How to spot an impersonation scam
- You receive a call, text or email out of the blue with an urgent request to make payment or requesting your business’ financial information
- You’re asked to act immediately sometimes with the claim that “payments need to be verified” or to claim, “a pending tax refund”
- The caller may ask you to download software onto your computer
- The sender’s email address domain is different to that of the genuine organisation
Examples of impersonation scams
Pending tax refund
Jacob* received an email from what appeared to be from HMRC informing him his business was eligible for a tax refund, with a link leading to the “official claim application form”. He proceeded to click on the link and hurriedly filled out the form, not wanting to miss the stated deadline. Jacob failed to notice the email he received was in fact not from HMRC, with the link contained inconsistent with the official Gov.UK’s URL and the email addressing him as “Dear Customer” instead of using his full name. The form he had just completed was also fake.
A few days later, Jacob contacted HMRC using the number from their official website who informed him that he had fallen for a scam. He had also noticed transactions on the business’s bank statement that he didn’t recognise.
If only he had taken a moment to contact the organisation directly to validate the request.
Working from home
Daisy* had never worked from home before and was having trouble trying to connect to her broadband when a pop-up informing her that her computer had been infected by malware appeared on her screen. Panicking she called the helpline in the pop-up and was informed by the supplier that she needed to provide remote access to her computer by downloading software onto her computer in order to rectify the issue.
Once the download was complete and the remote access was granted, Daisy was asked to login to her online banking to pay a fee for the tech support services she had received, not realising that the criminal had already started to move money out of the business’s account.
*These case studies are based on insights from partners