March 2, 2020updated 04 Mar 2020 9:47am

HMRC scams move from phishing to smishing as millions targeted

By Lucy Ingham

UK taxpayers have been targeted by over 1.5 million email scams, calls and text messages over the past two years purporting to be from Her Majesty’s Revenue and Customs (HMRC), according to data published today.

Collated by Griffin Law, the data shows that 1,524,449 fake emails, calls and text messages were reported to the official complaints email for HMRC between 2018 and 2019. However, not all methods have risen.

While text-based scams, known as smishing, have risen by 56% between 2018 and 2019, from 36,950 to 57,579, email scams, known as phishing, have seen a drop.

Phishing scams claiming to be from HMRC declined 60% over the same period, dropping from 841,805 to 333,857.

There has also been a significant rise in phone-based scams, which tripled from 58,538 in 2018 to 195,720.

HMRC scams move to multi-channel approach

While email-based phishing scams claiming to be HMRC remain the dominant method, the combination of their drop and the rise in phone and texts suggests that scammers are increasingly moving to a multi-channel approach.

“It’s no surprise that cybercriminals see impersonating HMRC through fraudulent phishing schemes as an easy route to securing cash pay-outs from unsuspecting victims,” said Chris Ross, SVP of Barracuda Networks.

“What’s most disturbing about these figures is the sophisticated multi-channel approach being used across calls, texts and emails to dupe individuals into assuming these interactions are a legitimate communication from the taxman.”

HMRC scams have become increasingly aggressive and threatening, with police issuing multiple warnings about scams that include false threats of arrest. Students at a number of universities have also been heavily targeted.

As a result, cybersecurity experts argue that there should greater public awareness of the issue.

“Moving forward, it’s vital that there is much more public awareness about how advanced and prevalent these phishing schemes have become,” said Ross.

“It’s also important to recognise the lengths these criminals will go to trick entrepreneurs, finance workers and vulnerable or elderly people into handing over PIN codes or transferring money to false accounts.”

For those who are unsure, Donal Blaney, MD of Griffin Law, advises taxpayers to be wary.

“No reputable organisation will ask for your private account details or tell you to click through on a link and supply personal data or passwords,” he said.

“Learn to spot the fraudsters. Many are very good, but quick clues such as spelling mistakes and grammatical errors in the text, or if it is sent from an obscure looking email address, may indicate that you are being scammed.

“We need to find these criminals and punish them severely for the distress they cause by preying on the vulnerable, or those caught off-guard.”


Read more: What is smishing? A guide to the latest cyber threat


Verdict deals analysis methodology

This analysis considers only announced and completed cloud-deals deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,