COVID-19 Tax Refund Phishing Attacks Offering Fake U.K. Government Grants
Researchers at Forcepoint describe an unusual phishing attempt that purported to come from the UK’s tax office, HM Revenue and Customs (HMRC). The email itself was clearly a phishing template. It informed recipients that the government was offering grants between £2,500 and £7,500 to workers impacted by the COVID-19 pandemic, and it contained a link for the user to check their eligibility for such a grant. The email itself was sent from “hmrc[@]hm.com,” a domain belonging to the multinational clothing retailer H&M.