Corp-INTL - HMRC-branded Phishing Scams Surge 87% in a Single Year

Published: 29 Jun 2021

Reports of HMRC-branded phishing scams have jumped from 572,029 to 1,069,522 in the last year – a surge of 87% – according to official figures.

The data, obtained by accountancy group Lanop Outsourcing under the Freedom of Information (FOI) Act, analysed data over the three most recent financial years (April 2018–2019, April 2019–2020 and April 2020–2021).

The figures show that reports of suspected SMS scams shot up 52% on last year, rising from 67,497 to 102,562 attacks. Email scams exploded 109%, rising from 301,170 to 630,193, and reports of phone call scams increased 66%, from 203,362 to 336,767.

Of the scams listed, the majority were tax rebate or refund scams, which rose by 90% from 363,118 and 690,522. In addition, voice scam attacks rose by 66%, jumping from 203,362 to 336,767.

HMRC also receives reports for the Driver and Vehicle Licensing Agency (DVLA) and act on its behalf to initiate website takedowns. In FY 2019–20 there were 5,549 reports and a whopping 42,233 reports in 2020–21 – an increase of 661%.

Cyber expert Andy Harcup, Senior Director, Gigamon, commented: “The sharp rise in HMRC-branded phishing attacks poses huge risks to businesses and individuals, with many organisations lacking the resources to identify and protect against malicious hackers. All it takes is a single employee to unwittingly hand over confidential passwords and user details, and cyber criminals are free to enter and wreak havoc across the network.

"The fact is that companies cannot neutralise these attacks without full visibility into network traffic and getting complete visibility into potential hostile threats. The days of allowing security blind spots to remain unchecked are over, and a getting a complete view of what’s happening and when should now be the new normal in terms of security protocol.”

Tim Sadler, CEO of Tessian, added: "Impersonating an authoritative organisation like HMRC is a tried-and-tested way for cybercriminals to create a sense of urgency and fear, in order to manipulate people into sharing financial information or credentials via phishing or smishing [(phishing involving text messages)] scams. And they've upped the ante, particularly over the past 12 months, in the hope that by sending more emails, more people might fall for their schemes.

"Sadly, spotting the scams isn't always easy, and hackers are making them even harder to detect. The general rule is to never click on links in unexpected texts or emails, even if you feel under pressure. Remember, you can always verify the request is real by calling the company directly or checking your online account."

Aurangzaib Chawla, Director of Lanop Outsourcing, noted: “With businesses on a fragile road to recovery following the COVID-19 crisis, it is vital to remain vigilant about the very real risks posed by HMRC-branded scams.”

About Us

Since 2005 Corporate INTL has been leading the way connecting business leaders, financiers and advisers around the world.

Our business publications reach hundreds of thousands of business leaders and decision makers in the finance and advisory communities worldwide.

Our Directory

Our Find an Expert adviser directory is the number one tool for business leaders, investors and in-house counsel to assist them in finding a proven and recommended adviser in a huge variety of practice area specialisms and countries around the world.

Mailing List

If you wish to join the Corporate INTL mailing list to receive newsletters and bulletins surrounding our products, key news, events and relevant stories related to global business, please click the link below and fill out the form provided.