HMRC pulls hundreds of Covid-19 phishing websites

HMRC pulls hundreds of Covid-19 phishing websites

HM Revenue and Customs (HMRC) has asked internet service providers to take down 292 scam websites exploiting the coronavirus outbreak in order to steal money from consumers.

A Freedom of Information request by Griffin Law found out of the 292 sites removed since March, 237 had been identified and requested for removal by HMRC, with the remaining 55 flagged by members of the public.

The tax authority also disclosed it had identified 62 phishing scams related to Covid-19 since March 23, the majority in the form of text message scams.

HMRC stated: “Through our guidance on and other communications to customers, we advise anyone who has disclosed personal or financial information to report it directly to Action Fraud.

“As we have cracked down on email and SMS phishing scams, criminals have increasingly turned to the traditional method of cold-calling publicly available phone numbers to steal money from taxpayers. 

“These typically take the form of an automated voice call claiming to represent HMRC and threatening legal action unless payment is made immediately. The calls spoof a valid HMRC telephone number in the caller ID field and provide a return number for victims to call to make a payment.”

Last month (April 21), it was revealed fraudsters were exploiting the government’s Coronavirus Job Retention Scheme (CJRS) with a phishing email scam pretending to be from HMRC in order to steal personal information.

Almost 50 business owners reported receiving the scam after noticing the email was sent via the address “”, with its user title being ‘HM Revenue & Customs’.

The email, which includes several typos, asks for the bank account details of the recipient in order for them to make a claim via the CJRS.

Andy Harcup, vice president at Absolute Software, said: “With millions of people working remotely during the lockdown, hackers are creating increasingly sophisticated email and text message scams designed to trick individuals into handing over confidential data. 

“We’ve already seen a huge rise in phishing attacks purporting to be from key government initiatives such as the CJRS, asking for bank account details and other personal information. 

“It’s vital that during this difficult time companies and workers remain vigilant; checking the legitimacy of all emails and ensure that they have the necessary security systems in place to identify these threats and prevent cyber criminals from exploiting vulnerable people during the Covid-19 outbreak.”

Pension scams

One way scammers are operating is by persuading people to part with their long term savings and access their pension pots.

According to research from AJ Bell, published yesterday (May 5), 16 per cent of people under 55 with a pension would consider an offer to access their funds early to help get them through the Covid-19 crisis.

Younger savers are more at risk, with one in every five (21 per cent) 18-34 year olds saying they would consider an offer to access their pension early, compared to 13 per cent of 35-54 year olds.