HMRC is a prime target for phishing and other cyber attacks. Fraudsters frequently send out email messages disguised to look as though they come from HMRC, and some of them are extremely convincing. Luckily they’re on the case. According to an article on the Computing website, the revenue prevented fraud totalling a monster £103m in the 2014-15 tax year, as revealed in the government’s UK Cyber Security Strategy annual report.
Government systems an ‘attractive’ target for scammers
The Cabinet Office believes government systems present an ‘attractive’ target to cyber criminals. No surprise when most people tend to trust government organisations to a certain extent, at least as far as communications go. Sadly the threat is apparently growing year on year. HMRC took down just under 1000 fraudulent websites in 2012, but by 2015 the figure had increased to more than 11,000.
HMRC’s dedicated cyber security team was created in 2012, designed to protect the government’s finances from cyber threats. Their Cyber Security Command Centre correlates and analyses data from several sources in an effort to identify malicious threats. They trawl the internet, including social media, to winkle out potential evidence of tax fraud.
Get cyber-threat advice from the government
The revenue has also been providing cyber security advice to taxpayers, through initiatives to raise awareness about phishing and fake emails pretending to come from HMRC. From April to December 2015 alone, HMRC’s online cyber security advice was viewed over 800,000 times. In April, the City of London Police’s Action Fraud and National Fraud Intelligence Bureau revealed almost 100,000 UK residents reported ‘HMRC’ phishing emails throughout 2015.
Many ordinary people and businesses receive at least one phishing email per day, often a whole lot more, from scammers purporting to be from a wide range of organisations, commonly banks. Apart from HMRC phishing scams, the most common include fraudulent corporate communications, personal warnings, security alerts, invoices, package deliveries, pharmaceuticals, job offers and invitations to connect on social media.
How can you tell what’s real and what isn’t?
Caution is your best approach. Even if an email looks as if it’s come from HMRC, it’s better to be safe than sorry. Don’t trust it, don’t open it and most of all, don’t click on a link within the message. Just delete it. And report it to HMRC. Here’s where you can do exactly that.
Have you been fooled by a phishing message?
If you’ve ever fallen for a clever phishing scam pretending to be from HMRC, how did you tell it wasn’t real? And what did you do about it?