HMRC phishing scam exposed

If you receive an email offering a tax rebate and think it’s too good to be true, it is. HM Revenue and Customs has reported a massive increase in phishing emails purporting to offer rebates to taxpayers. 74,743 scam emails were reported to HMRC between April and September this year, a 70% increase on the same six-month period last year.

The emails offer a tax rebate and then ask for the recipient’s name, address, date of birth, bank and credit card details, and passwords. Credulous taxpayers who obligingly hand over their details will soon find their bank accounts cleared and their personal information sold on to other criminal gangs. HMRC never emails taxpayers about rebates.

Steve Singh, deputy head of operations at HMRC Digital Security said:

“HMRC never contacts customers who are due a tax refund by email – we always send a letter through the post. If you receive an email which claims to be from HMRC, and which offers you a tax refund, we recommend you send it to and then permanently delete it. We can, and do, close the websites down and we continue our efforts to work with law enforcement agencies around the world to bring down the criminals behind these scams.”

In the same six-month period, HMRC worked with law enforcement agencies to close down more than 4,000 websites responsible for sending out phishing emails.

Phishing is a very serious problem: Symantec’s 2014 Internet Security Threat Report found that one in 392 emails contains a phishing attack and that one in five small businesses was targeted by a spear phishing attack last year. If you’re concerned about your – or your employees’ – vulnerability to social engineering and phishing scams, you will benefit from our Employee Phishing Vulnerability Assessment.

 3184  4452  4451  3185
Infrastructure (Network) Penetration Test – Level 1
Combined Infrastructure and Web Application Penetration Test – Level 1
Employee Phishing Vulnerability Assessment
Web Application Penetration Test – Level 1