• 07948 570815
  • This email address is being protected from spambots. You need JavaScript enabled to view it.


HMRC investigating huge amount of coronavirus phishing scams

HMRC investigating huge amount of coronavirus phishing scams

Her Majesty's Revenue and Customs (HMRC) is analysing more than 10,000 emails, SMS messages, social media posts and phone scams that use the Covid-19 pandemic as their theme, a new report from the Lanop Accountancy Group states.

Based on a Freedom of Information (FOI) request, the report claims that the figures grew dramatically as we moved further into the pandemic. March has had 133 phishing scams reported, while April saw 2,105 – a rise of 1482 percent in just a month. May saw 5,152 – a further rise of 144 percent. Finally, HMRC registered 2,558 reports in June.

But it’s not just phishing messages through various channels that criminals used for their nefarious goals – they also set up fraudulent websites. A total of 106 Coronavirus-related websites have been requested for removal by HMRC since March (17 in March, 42 in April and 24 in May).

One of the scams involved both a phishing email and a fake website. First, the victim would get a text message saying they were due a tax refund and were invited to apply via a website which looked almost identical to HMRC’s official site. The site would ask, among other things, for the victim’s passport number as well.

For Chris Ross, cyber security expert, SVP International at Barracuda Networks, it’s no wonder criminals were using HMRC with the range of financial support packages it offers for businesses and individuals.

“These scams are often cleverly designed with official branding are incredibly realistic, coaxing unsuspecting victims to hand over confidential information such as bank account details, usernames and passwords,” he says.

“With many people still working remotely for the foreseeable future, it’s vital that businesses ensure each and every member of staff is properly trained to spot these kinds of scams and the necessary cyber security systems are in place in place to identify and block suspected malicious communications, before it reaches the inbox.”


More From Our Blog