HMRC goes to extensive lengths to tackle fraudulent emails

HM Revenue and Customs (HMRC) is calling on the public sector to assist them in solving the issue of fraudulent emails.
 
The tax authority’s head of cyber security and response, Edward Tucker spoke at the Whitehall Media GovSec event last month and outlined the steps his team have taken to find a solution to the problem which can seriously damage public sector organisations.
 
“We are losing the ability to use email because spam degrades it as a communication channel,” said Mr Tucker.
 
He explained that the UK is the world’s number one for spam emails with three times as many spam emails with harmful links reaching our shores compared to the US and five times more in comparison with Germany.
 
Subsequently UK users of public services are beginning to mistrust emails. Mr Tucker added that it is becoming increasingly difficult for businesses to become digital by default when their brands are under attack.
 
HMRC has subsequently taken steps to try and limit the number of spam emails received that claim to be from the Department.
 
HMRC is purchasing all domains that could be interpreted as linked to the organisation, for example hmrc.co.uk or hrmc.co.uk with the aim of preventing fraudsters using them for criminal purposes.
 
It is also trying to communicate that it does not send emails to the users of its services so that people immediately know any email claiming to be from the Department is a phishing attack.
 
“The decision has yet to be finalised, but HMRC is looking at ways of using secure emails and links which will have to be backed up with an innovative education to enable taxpayers to identify legitimate emails from HMRC,” added Tucker.
 
Since implementing security measures to try and prevent UK citizens receiving emails claiming to be from HMRC, it claims 94 per cent of fraudulent email is now binned by internet service providers before it reaches the inbox.


Image: Jason Rogers

Last updated: 3rd October 2014