HMRC Customers Plagued With 2.6 Million Phishing and Phone Scams

HMRC customers have been plagued by over 2.6 million phone scams, texts and phishing emails over the last three financial years.

Over the last three financial years, the Parliament Street research claimed that a total of 2,602,528 reports of phishing and scam emails were made by customers using HMRC services. The financial year with the highest figures was 2016/17 with a total of 921,900 reports. 2017/18 had 782,982 reports and 2018/19 totalled 897,649 – an increase of 15% from the previous year.

The research, conducted by issuing a Freedom of Information (FOI) request to HMRC, found that spam emails based on tax rebates were the most popular theme, with a total of 1,957,003 reports. 2016/17 had the highest figure at 733,980. The second most popular type of scam was SMS, with a total of 150,009 over the last three years. This method of phishing saw a decline of almost half between 2016/17 and 2018/19.

Interestingly, the data provided by HMRC claimed that phone scams are on the rise, with just 407 reported in 2016/17, rising to a worrying 104,774 reports in 2018/19. As well as this, HMRC detailed the figures for the phishing websites that were reported for removal or taken down. Over the last three years, this totalled a staggering 50,323, with 2017/18 being the worst year with 19,198 reports.

In addition to these reports, the FOI data also provided insight into the number of customers who claimed they had disclosed personal financial details. Over the last three financial years, this figure totalled 18,792, with 2016/17 again having the largest figure at 10,647.

Andy Heather, VP, Centrify comments: “These incidents are just a snapshot of techniques used by hackers to gain confidential financial information as well as credentials and passwords. In many cases we’re seeing fraudsters gaining access to company data, using legitimate user ID and log-in details, without raising suspicion. 

“For businesses, it’s time to face the reality that cyber-attackers now no longer hack in, they log in using credentials and passwords that are weak, stolen or in cases of phishing are simply handed over to them. Tackling this problem means adopting a zero-trust approach to all user-accounts, ensuring every employee who tries to access critical information is screened with the necessary password, location and authentication procedures to ensure they are who they say they are.”

(Source: Parliament Street think tank)
