HMRC investigates 10,000 Covid scams

HM Revenue and Customs (HMRC) is investigating 10,428 reports of phishing scams designed to exploit the coronavirus pandemic.

A Freedom of Information request by Lanop Accountancy to HMRC found scams peaked in May after rising 337 per cent from 133 in March to 5,152 in May.

They subsequently fell as lockdown measures began to ease, with 2,558 incidents reported to the tax authority in June, involving email, SMS, social media, and phone scams.

Meanwhile, the tax authority had requested the removal of a total of 106 Covid-related websites since March.

April saw 42 such requests made by HMRC to Internet Service Providers, followed by 24 in May and 17 in March.

Chris Ross, senior vice president at cyber security firm Barracuda Networks, said: “With HMRC offering a range of financial support packages for businesses and individuals during the pandemic, it’s no surprise that hackers have chosen to exploit the crisis in an effort to cash in on Covid-19.

“These scams are often cleverly designed with official branding and are incredibly realistic, coaxing unsuspecting victims to hand over confidential information such as bank account details, usernames and passwords.”

In one phishing scam, individuals were sent a text message purporting to be from HMRC informing them they were due a tax refund.

It then told the individual to apply for this refund online via an official looking site that used HMRC branding and was marketed as “Coronavirus (Covid-19) guidance and support”.

The fake site then asked for several pieces of the user’s sensitive information before requesting their passport number as verification.

In another scam, the fraudsters sent individuals an email which used official HMRC branding and purported to be from Jim Harra, first permanent secretary and chief executive of HMRC, in an attempt to get business owners to reveal their bank account information.

Stav Pischits, CEO of cybersecurity consulting company Cynance, said: “Classic non-technical cyber attacks, such as social engineering, are still among the most effective ways for criminals to steal personal data from individuals and businesses.

“These schemes often prey upon the natural vulnerabilities of victims by offering financial support and discounts, in exchange for handing over ‘registration details’, such as bank account numbers and personal data.

“Tackling this problem requires companies to recognise that these scams are not going to go away anytime soon. It’s also key to recognise that hackers have no limits and will target everyone from the CEO to the newly hired graduate in an effort to capture their objectives.”

Last month, the Work and Pensions committee launched an inquiry into pension scams, following a spike, as part of broader work looking into the impact of pension freedoms.

The coronavirus pandemic and ongoing financial hardship as a result of lockdown have provided an extra opportunity for fraudsters to target vulnerable savers and those looking to their pensions for additional financial support.