The UK’s tax authority, HMRC, has revealed there were nearly 600,000 reports of bogus emails, phone calls and texts to its phishing team last year.
- Android malware can steal Google Authenticator 2FA codes
- Report identifies the most dangerous mobile app store on the internet
- Ransomware victims thought their backups were safe. They were wrong
- Scam, spam and phishing texts: How to spot SMS fraud and stay safe
- Cybersecurity: Do these ten things to keep your networks secure from hackers
- Threat Intelligence Index Report from IBM X-Force (ZDNet YouTube)
- Best home security of 2020: Professional monitoring and DIY (CNET)
- How to set up secure credential storage for Docker (TechRepublic)
Of those, 334,000 were about phishing emails. These can take a variety of forms, but often take the form of tax rebate or refund scams. Mostly the crooks are hoping to capture as much personal information and as many credit card details as possible, which they will either use themselves for identity fraud, or sell the data onto others who specialise in those crimes. The number of reports in 2019 is down significantly from 2018, when there were over 800,000 complaints about phishing emails. That could be because there has been a decline in this type of activity, or because people are less likely to report them. Either way, the number of reports is almost certainly only the tip of the iceberg: on receiving one of these messages, most people will delete them and move on.
HMRC’s own guidance notes that the agency will never send notifications by email about tax rebates or refunds, and warns anyone who receives such an email not to visit the website, open any attachments or disclose any personal or payment information.
Taxpayers also reported around 60,000 spoof text messages last year. These also promise a tax refund if the recipient fills in a form on a website with a legitimate-looking URL — but again, this is a ruse to capture personal data. “HMRC will never ask for personal or financial information when we send text messages,” the agency’s anti-phishing guidance notes. “Do not reply if you get a text message claiming to be from HMRC offering you a tax refund in exchange for personal or financial details. Do not open any links in the message.”
Nearly 200,000 bogus phone calls, sometimes known as ‘vishing’, were also reported to the HMRC phishing hotline in last year — a significant increase over the previous year. The tax authority has previously said that it’s aware of automated phone call scams which claim that HMRC is filing a lawsuit against you, and to press ‘1’ to speak to a caseworker to make a payment. If you get this call you should end it immediately, HMRC said.
The figures were released as part of Freedom of Information request by law firm Griffin Law and was based on reports to HMRC’s official complaints email for phishing scams — [email protected] — by members of the public in 2019 and 2018.
Griffin Law managing director Donal Blaney said: “Learn to spot the fraudsters. Many are very good, but quick clues such as spelling mistakes and grammatical errors in the text, or if it is sent from an obscure-looking email address, may indicate that you are being scammed.”