Cyber criminals target taxpayers ahead of tax return deadline

With three weeks to go until the self-assessment tax return deadline for the 2014-15 financial year, millions of taxpayers are reporting the increase of fake phishing emails from people purporting to be HM Revenue and Customs (HMRC).

As many as 40 per cent of the estimated 10 million Britons filing self-assessment tax forms ahead the January deadline have received fake emails pretending to be the tax authority, according to a new survey by digital authentication vendor, MIRACL.

But while a fifth of the 1,000 survey respondents claim to have known a victim of identity fraud, only 14 per cent voiced concerns about using online government services.

Brian Spector, CEO, MIRACL, said: “The volume of data involved in filling out a tax return online makes [fraud] a far greater risk.

“With all the financial data involved in a tax return, a criminal could potentially take out a mortgage in your name.

“Data theft and identity fraud is a multi-billion dollar business on the dark web, and so consumers must be vigilant.”

Less than a fortnight ago, HMRC issued its own warning to those filing tax returns this month, telling taxpayers to be wary of scam emails distributed by online criminals seeking valuable personal data.

The tax authority described itself as “one of the most phished brands in the world”.

“Cyber criminals are likely to use the approaching 31^st January deadline for self-assessment as cover for their scams,” said HMRC.

“HMRC takes online security extremely seriously, but it also needs customers to play their part.”

Jonathan Lloyd White, director of security and information, HMRC, added: “We are committed to customers’ online security, but the methods that fraudsters use to get information are constantly changing so people need to be alert.

“When using our online services, I would urge all our customers to be vigilant, and remember that HMRC will never send an email to ask for your personal information or password, or include a link or attachment.”

How to spot a fake HMRC email

• The sender’s email address will often use email accounts with HMRC or revenue names in them e.g. [email protected]. However, fraudsters can spoof the ‘from’ address to make it appear a legitimate HMRC address e.g. @hmrc.gov.uk.

• HMRC will never send notifications of tax rebates via email; nor will they ask you to disclose personal or payment information via email.

• HMRC emails will never contain phrases e.g. ‘you only have three days to reply’ or ‘urgent action required’.

• Fraudulent emails will often include links to webpages that look like the HMRC website, but crucially are not.

• Most fraudulent HMRC phishing emails will not use first names as criminals tend to send out high volumes of fake emails in one go. Always be wary of emails purporting to be from HMRC starting with generic greetings e.g. ‘Dear Customer’.

• Always be vigilant regarding email attachments as these could contain viruses designed to steal your personal data.

Date published 11 Jan 2016 | Last updated 11 Jan 2016