Phishing Scams: UK Tax Service Issues A Warning

The volume of smishing reports increased by 56% to reach 57, 579 while the number of phone scams reported by the public jumped by a staggering 234% to reach 195, 720 in 2019.  The volume of fake UK Tax Service (HMRC) phishing emails reported by the British public has fallen sharply over the past two years, whilst over the same period reports  of tax related to SMS tesxt and phone-based scams has  increased.

The leading UK legsl fim Griffin Law obtained the figures from the UK HMRC under a freedom of information request related to their suspicious tax email referral service and it doesn’t provide a full picture of the scale of the phishing threat facing Brirish taxpayers, it does give useful insight into general trends.

From January 1 2018 to December 31 2019 there were a total of over 1.5 million reported scams. Although the vast majority (77%) of attacks came via email, the volume actually dropped by 60% between 2018 and 2019.

That could partly be explained by greater public awareness of such scams, but also seems to show an increasing willingness on the part of fraudsters to use different communications methods to trick taxpayers. “It’s no surprise that cyber-criminals see impersonating HMRC through fraudulent phishing schemes as an easy route to securing cash pay-outs from unsuspecting victims", Chris Ross SVP of network security company Barracuda Networks speaking to Infosecurity Magazine.

“Moving forward, it’s vital that there is much more public awareness about how advanced and prevalent these phishing schemes have become. It’s also important to recognise the lengths these criminals will go to trick entrepreneurs, finance workers and vulnerable or elderly people into handing over PIN codes or transferring money to false accounts.”

The HMRC is reported to have received over 2.6 m phishing reports from the public since the 2016-17 financial year and with the support of the British National Cyber Security Centre (NCSC) the tax servive has been taking measure to improve resilience against these attacks.

HMRC Advice:

  • Recognise the signs - genuine organisations like banks and HMRC will never contact you out of the blue to ask for your PIN, password or bank details.
  • Stay safe - don’t give out private information, reply to text messages, download attachments or click on links in emails you weren’t expecting.
  • Take action - forward details of suspicious calls claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599, or contact Action Fraud on 0300 123 2040 or use their online fraud reporting tool, especially if you suffer financial loss.
  • Check GOV.UK for information on how to avoid and report scams and recognise genuine HMRC contact.
  • If you think you have received an HMRC related phishing/bogus email or text message, you can check it against the examples shown in this guide.

HMRC:         Griffin Law:        Inforsecuity Magazine:       National Union of Students

You Might Also Read: 

The Most Common Cyber Attacks:

 

 

 

 

« AI Is Closing The Cyber Skills Gap
Teens Abandon TV and Take News On-Line »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Barracuda

Barracuda

Barracuda provides a comprehensive cybersecurity platform to protect organizations from all major attack vectors that are present in today’s complex threats.

European Recruitment

European Recruitment

European Recruitment is an award-winning, international recruitment agency specialising in niche technology areas including Cyber Security.

National Security Authority (NBU) - Slovakia

National Security Authority (NBU) - Slovakia

The National Security Authority (NBU) is the central government body in Slovakia for the Protection of Classified Information, Cryptographic Services, Trust Services and Cyber Security.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

HUB Security

HUB Security

Hub Security provide Ultra Secure, Military Grade HSM (Hardware Security Module) Solutions for Blockchain and Digital Assets.

Qrator Labs

Qrator Labs

Qrator Labs is a leader in DDoS attack mitigation, helping organizations protect their websites from the most harmful, sophisticated DDoS attacks.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Focus on Security

Focus on Security

Focus on Security are Cyber Security recruitment specialists. We’re dedicated to connecting you with the top Cyber Security talent across the globe. We focus on partnerships and results.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.

Infima Cybersecurity

Infima Cybersecurity

INFIMA tackle the hard parts of managing your Security Awareness Training program so you can focus elsewhere.

Teal

Teal

Teal provides exceptional managed IT solutions for small- to medium-sized organizations that value real partnerships and elevated security.

ColCERT

ColCERT

ColCERT is the national cybersecurity emergency response team of Colombia.

Dark Entry

Dark Entry

Dark Entry provide solutions to safeguard businesses, leveraging advanced technologies and intelligence-driven approaches to detect and mitigate risks associated with compromised data.