This particular scam targets the self-employed and involves text messages which inform victims that they are due a tax refund. They have to tap the link in the message to claim the refund, at which point they are sent to a fake version of the HMRC website complete with government branding where they must enter personal details such as home address, postcode, their HMRC email address and password, and then the refund amount will be shown.

The site even has a message about cookies, making it look more genuine.

Of course, in order to claim the refund, the victim needs to enter their financial information, in this case, your long card number, name on card and CVV and expiry date. Armed with all this information, the criminals have enough to impersonate you and make purchases.

While the scam is clever, it would be a lot more convincing if it actually offered what the SEISS does. The scheme doesn't give people tax rebates. Instead it offers self-employed workers a grant, which is worth 70% of their average monthly trading profits. It has recently been extended by the Chancellor, Rishi Sunak, which will allow people to claim a second (and final) grant. You can find out more details on the (real) Government website.

Jesus Sanchez-Aguilera Garcia, Head of EMEA Consumer at McAfee said, “We’ve seen numerous cases of fraudsters trying to cash in during the pandemic and now, self-employed workers are the latest group to be targeted, with cybercriminals using the Self-Employment Income Support Scheme (SEISS) as a way to gain private and personal information.  

As we’ve seen previously during tax return periods, cybercriminals can take advantage of the influx of expected calls and emails HMRC experience and prey on victims through various tactics, much like this new SEISS phishing scam which targets the self-employed. If you do receive a message that appears to be from the government claiming you are eligible for a tax refund, it’s best to call HMRC directly to confirm.

In addition, as a general rule of thumb, if you ever receive an email requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal and determine the legitimacy of the site. If you do suspect any fraudulent emails, we’d recommend forwarding these to [email protected], or if it’s an SMS message forward it to 60599.”

The advice applies to many other scams too, and being careful not to click on links in emails and text messages from unknown senders is crucial. Running a web browser extension which warns you of fake and dangerous websites is a very good idea, too. These are often free, as well as being part of antivirus software packages.

Here are more coronavirus scams to avoid.