HMRC has removed more than 20,000 malicious websites during the past year to protect taxpayers from being defrauded by cyber criminals.
The new government report confirms that this figure is up by 29% compared to the previous year. Many of these malicious sites were spoof government sites designed to defraud taxpayers into revealing their financial information.
Although HMRC is claiming this as a major victory against financial crime, it does acknowledge that the battle is far from over. Taxpayers must continue to stay alert to the threat from online fraudsters.
HMRC says that it has brought in cutting-edge technology to tackle the threat, but it is also reliant on the public being aware and reporting phishing attempts.
“The criminals behind these scams prey on the public and abuse their trust in government. We’re determined to stop them,” Mel Stride MP, the financial secretary to the Treasury, said. “HMRC is cracking down harder than ever, as these latest figures show. But we need the public’s help as well. By doing the right thing and reporting suspicious messages you will not only protect yourself, you will protect other potential victims.”
HMRC has said that the most common type of scam is the ‘tax refund’ email and SMS, even though it does not offer tax refunds by text message or by email. In fact, genuine organisations like banks and HMRC never contact people out of the blue to ask for their PIN, password or bank details.
Technology beating crime
To help tackle the problem head on, the government has been trialling new technology which identifies phishing texts with ‘tags’ that suggest they are from HMRC, and stops them from being delivered. Since the pilot began in April 2017, there has been a 90% reduction in people reporting spoof HMRC-related texts.
In November 2016, the department also implemented a verification system, called DMARC. This allowed emails to be verified to ensure they come from a genuine source. This has stopped half a billion phishing emails reaching customers, but didn't stop criminal from trying.
And it has taken down 20,750 website links – many of which are masquerading as official HMRC websites. These websites were getting hold of personal details or tricking the public into using premium rate phone numbers for services that HMRC provides for free.
How to report suspicious activity
Check GOV.UK for information on how to avoid and report scams and recognise genuine HMRC contact.
People should forward suspicious emails claiming to be from HMRC. Email them at [email protected] or text 60599.
They can also contact Action Fraud on 0300 123 2040 to report any suspicious calls, or use its online fraud reporting tool.