HMRC branded scams surge…
According to the latest figures, HMRC branded scams have increased by a huge 87% in the last 12 months.
In figures obtained through a Freedom of Information request, there were 572,029 HMRC branded scams reported in 2019-20. This rose to 1,069,522 in 2020-21. It’s thought that the increase was triggered by fraudsters looking to take advantage of the pandemic.
The majority of these scams were based on tax refunds or rebates, which increased by a massive 90% in the period.
What format did these attacks take?
- Emails are the primary delivery method for an HMRC related scam, with numbers more than doubling to 630,193.
- There was also a 60% increase in the number of recorded voice scam attacks in the year, while phone call scams increased to 336,767, a rise of 66%.
- SMS (Text) scams increased by 52% to 102,562.
- More than 15,700 malicious web pages were taken down.
- Ofcom and telecoms providers removed more than 3,000 malicious telephone numbers.
And these are just the numbers reported!
What are HMRC doing about these scams?
HMRC is understandably the most imitated government body, and as a result runs its own Cyber Security Operations unit that focuses on identifying and closing down scammers.
To do so, it has pioneered the use in government of Domain-based Message Authentication, Reporting & Conformance (DMARC) protections for email, and other technical controls to stop its legitimate helpline numbers from being spoofed.
An HMRC spokesperson said: ‘Criminals have been taking advantage of the measures announced by the Government to support people and businesses affected by coronavirus. Scammers text, email or phone offering spurious financial support or tax refunds, sometimes threatening arrest if people don’t immediately pay fictitious tax owed.’
What can you do to protect yourself?
It’s important that we all take responsibility for our own cyber safety, and there are a range of steps that will make it more difficult for the scammers to catch us out, as below:
- HMRC will never contact taxpayers by email or text to discuss a tax refund. If you are a client of ours, we will have registered with them as your agent, and they will come to us before they come to you. If you receive ANY notification that requires a response, refer it directly to us.
- Have a look at the example phishing emails, calls and texts that HMRC have published here so you know what to look for in any that you receive.
- If you want to get some reassurance without referring to us, you can check some features of any call, email or letter you’ve received to gain some confidence in whether it’s genuine by referring to this HMRC guidance page.
If you receive a recorded message to your mobile, warning that you face legal action if you don’t ‘press 1 now’ to speak to an HMRC agent, it’s entirely normal to feel a rush of concern.
We know, because we’ve had a few of these now!
Remember that HMRC will NOT make first contact with you about an overdue amount, or refund, by phone or by recorded message. You would have received numerous letters before they get to this point, and you won’t be caught unawares!
How can you report an HMRC branded phishing contact?
If you DO receive a phishing contact, and recognise it for one, please take a few minutes to report it. This is the only way that HMRC can address the source of the scams and reduce the likelihood of other people getting caught out.
You can do that here.
As we’ve said above, if you’re unsure about any communication from HMRC, please get in touch. We’re very happy to look over anything that you receive rather than hear later that you’ve given away sensitive information. Even if the approach from HMRC is genuine, it’s often much better for us to deal with them for you; we can often restrict their interest to one key area, or use our experience to answer fully, but without risk!
If you’re a client of ours, we do not charge you any extra to deal with HMRC on your behalf. We automatically include all clients in our fee protection schemes which covers these costs, so you can feel comfortable in doing exactly this!