UK taxpayers have been targeted by over 1.5 million email scams, calls and text messages over the past two years purporting to be from Her Majesty’s Revenue and Customs (HMRC), according to data published today.

Collated by Griffin Law, the data shows that 1,524,449 fake emails, calls and text messages were reported to the official complaints email for HMRC between 2018 and 2019. However, not all methods have risen.

While text-based scams, known as smishing, have risen by 56% between 2018 and 2019, from 36,950 to 57,579, email scams, known as phishing, have seen a drop.

Phishing scams claiming to be from HMRC declined 60% over the same period, dropping from 841,805 to 333,857.

There has also been a significant rise in phone-based scams, which tripled from 58,538 in 2018 to 195,720.

HMRC scams move to multi-channel approach

While email-based phishing scams claiming to be HMRC remain the dominant method, the combination of their drop and the rise in phone and texts suggests that scammers are increasingly moving to a multi-channel approach.

“It’s no surprise that cybercriminals see impersonating HMRC through fraudulent phishing schemes as an easy route to securing cash pay-outs from unsuspecting victims,” said Chris Ross, SVP of Barracuda Networks.

“What’s most disturbing about these figures is the sophisticated multi-channel approach being used across calls, texts and emails to dupe individuals into assuming these interactions are a legitimate communication from the taxman.”

HMRC scams have become increasingly aggressive and threatening, with police issuing multiple warnings about scams that include false threats of arrest. Students at a number of universities have also been heavily targeted.

As a result, cybersecurity experts argue that there should greater public awareness of the issue.

“Moving forward, it’s vital that there is much more public awareness about how advanced and prevalent these phishing schemes have become,” said Ross.

“It’s also important to recognise the lengths these criminals will go to trick entrepreneurs, finance workers and vulnerable or elderly people into handing over PIN codes or transferring money to false accounts.”

For those who are unsure, Donal Blaney, MD of Griffin Law, advises taxpayers to be wary.

“No reputable organisation will ask for your private account details or tell you to click through on a link and supply personal data or passwords,” he said.

“Learn to spot the fraudsters. Many are very good, but quick clues such as spelling mistakes and grammatical errors in the text, or if it is sent from an obscure looking email address, may indicate that you are being scammed.

“We need to find these criminals and punish them severely for the distress they cause by preying on the vulnerable, or those caught off-guard.”


Read more: What is smishing? A guide to the latest cyber threat