Brian Sims
Editor

HMRC-branded phishing scams experience 87% rise in 12 months

Posted to News on Monday, July 5, 2021 Share:

REPORTS OF HMRC-branded phishing scams have jumped from 572,029 to 1,069,522 in the last year, representing a surge of 87%. That’s according to official figures obtained by accountancy group Lanop Outsourcing under the Freedom of Information Act whereby data over the three most recent financial years (April 2018-2019, April 2019-2020 and April 2020-2021) has been analysed.

The figures show that reports of suspected SMS scams shot up by 52% on last year, rising from 67,497 to 102,562 attacks. Further, e-mail scams exploded, rising from 301,170 to 630,193, while reports of phone call scams increased by 66% from 203,362 to 336,767.

Of the scams listed, the majority were tax rebate or refund scams which rose by 90% from 363,118 to 690,522. In addition, voice scam attacks escalated by 66%, jumping from 203,362 to 336,767.

HMRC also receives reports for the Driver and Vehicle Licensing Agency and acts on its behalf to initiate website takedowns. In FY 2019-2020 there were 5,549 reports and a whopping 42,233 reports in 2020-2021. That’s an increase of 661%.

Cyber expert Andy Harcup, senior director at Gigamon, informed Security Matters: “The sharp rise in HMRC-branded phishing attacks poses huge risks to businesses and individuals, with many organisations lacking the resources to identify and protect against malicious hackers. All it takes is a single employee to unwittingly divulge confidential passwords and user details and cyber criminals are free to enter and wreak havoc across the network.”

Harcup continued: “The fact is that companies cannot neutralise these attacks without full visibility into network traffic and gaining complete visibility into potential hostile threats. The days of allowing security ‘blind spots’ to remain unchecked are over. Gaining a complete view of what’s happening and when should now be the ‘new normal’ in terms of security protocol.”

Tim Sadler, CEO at Tessian, responded: “Impersonating an authoritative organisation like HMRC is a tried and tested way for cyber criminals to create a sense of urgency and fear in order to manipulate people into sharing financial information or credentials via phishing or smishing scams. They’ve upped the ante, particularly so over the past 12 months, in the hope that by sending more e-mails, more people might fall for their schemes.”

Sadler went on to comment: “Sadly, spotting the scams isn’t always easy and hackers are making them even harder to detect. The general rule is to never click on links in unexpected texts or e-mails, even if you feel under pressure to do so. Remember, it’s always possible to verify the request is real by calling the company directly or checking your online account."

Aurangzaib Chawla, director at Lanop Outsourcing, concluded: “With businesses on a fragile road to recovery following the COVID-19 crisis, it’s vital to remain vigilant about the very real risks posed by HMRC-branded scams.”

Company Info

WBM

64 High Street, RH19 3DE
East Grinstead
RH19 3DE
UNITED KINGDOM

04478 18 574309

Related Topics
cyber
government
hmrc
phishing
scams
security
Related Articles
Latest Webinars
Biometric access control: are fingerprint cards the future?
Biometric access control: are fingerprint cards the future?
Bandweaver signposts webinar on optical fiber for perimeter security
Video Surveillance: Exploring New Horizons
Perimeter Intruder Detection Solutions
Related Resources
SentriGuard Key Safe Attack Test by BRE
SentriGuard, a new-generation key management solution
Security Matters Podcast – Episode 30 now live to view
Latest News
Multi-agency law enforcement operation infiltrates ‘LabHost’ fraud platform
Secured Environments status awarded to Paternoster Square
Terrorgram added to list of proscribed terrorist organisations

Login / Sign up