Not unlike the Irish Revenue scams, that we’ve covered extensively, UK’s Her Majesty’s Revenue & Customs (HMRC) is “consistently the most abused government brand”, according to the National Cyber Security Centre (NCSC).
The United Kingdom’s tax collection authority, Her Majesty’s Revenue & Customs (HMRC), initiated the removal of as many as 20,750 websites masquerading as the taxman over the past 12 months, according to HMRC’s recent announcement.
This is a 29-percent increase on the 12-month period before. Nobody should rest on their laurels, however, with HMRC calling on the public to remain on guard against scammers.
“Despite a record number of malicious sites being removed, HMRC is warning the public to stay alert as millions of taxpayers remain at risk of losing substantial amounts of money to online crooks,” according to HMRC.
Most commonly, fraudsters seek to con people out of money via the age-old tax refund scam. This involves sending out emails or text messages that attempt to bamboozle the taxpayers into believing that they are due a tax rebate. The missives will normally include links to websites that collect the targets’ personal information or bank account details, or spread malicious software.
In addition, HMRC said that it has taken other actions designed to combat fraud, especially those where technology helps. This includes deploying a verification system, called DMARC, in 2016 that has since blocked no fewer than half a billion phishing emails from reaching their intended recipients.
Additionally, the tax authority has been trialling new technology since April 2017 that “identifies phishing texts with ‘tags’ that suggest they are from HMRC, and stops them from being delivered”. Thanks to this, the number of customer reports concerning fraudulent HMRC-related texts has plunged by 90 percent.
Importantly, HMRC said recently that “people are 9 times more likely to fall for text message scams than other forms like email”, hence its pilot project combating fake texts. The increased susceptibility to falling prey to SMS-borne campaigns is because the messages “can appear more legitimate, with many texts displaying ‘HMRC’ as the sender, rather than a phone number”.
Mel Stride, Financial Secretary to the Treasury and Paymaster General, noted the strides in the fight against online fraud: “HMRC is cracking down harder than ever, as these latest figures show. But we need the public’s help as well. By doing the right thing and reporting suspicious messages you will not only protect yourself, you will protect other potential victims,” he said.
HMRC reminded people that genuine organizations such as itself or banks never make uninvited approaches via emails or texts to ask for people’s PIN, password or bank details. As a result, people should never disclose their personal data, download attachments, or click links in messages or emails that they didn’t expect to receive from HMRC or, indeed, anybody else.
written by Tomas Foltyn, ESET We Live Security