Skip to content
Beware of phishing websites
Beware of phishing websites

Press release -

HMRC cuts scam emails by 300 million through new cyber security initiative

HMRC has successfully reduced the number of phishing emails its customers receive by 300 million this year, better protecting taxpayers from fraud and identity theft.

This is a significant decrease in the half a billion phishing emails sent to customers alleging to be from an ‘@HMRC.gov.uk’ email address in both 2014 and 2015, and shows the progress the department is making in tackling these types of cyber threats.

Discussing the achievement, HMRC’s Head of Cyber Security, Ed Tucker, said:

“Phishing emails are a major focus for our Cyber Security Team. They’re more than just unwanted messages; they are a means by which criminals look to exploit members of the public and gain access to their personal and financial data. This in turn can lead to fraud and identity theft.

“By introducing a new level of security, we’ve been able to tackle these threats head-on and almost all attempts to scam taxpayers by pretending to be from an HMRC email address will now fall flat. The added security this brings will be invaluable, especially at this time of year when many customers are busy using their online Personal Tax Account to submit their Self-Assessment returns.”

The achievement has been made possible through HMRC’s implementation of the email authentication protocol Domain-based Message Authentication, Reporting and Conformance (DMARC). The security process works by determining which email servers are allowed to send emails on behalf of the organisation. If an email passes the checks it is deemed legitimate and delivered. If it fails then it is deemed fraudulent and is not delivered.

Ed Tucker, who recently won the Security Professional of the Year award at the UK IT Industry Awards, added:

“While this does not mean a complete end to HMRC-based phishing, it has taken hundreds of millions of scam messages out of circulation and will make criminals’ emails look far less legitimate, giving our customers a much better chance of spotting them.”

As one of the first departments to apply the DMARC control, HMRC is now at the forefront of contributing to the delivery of the Active Cyber Defence Programme; an essential part of the National Cyber Security Strategy.

Notes to editor

1. Further information on the initiative is available on HMRC’s digital blog

2. Phishing emails are a means by which criminals look to compromise user’s machines and steal private information and/or money via some form of fraud. Their purpose is to convince unsuspecting members of the public to divulge personal, usually financial, information. Their other potential purpose is to deliver malware which can steal logon credentials and personal information. In both cases this information would then be used to commit fraud or identity theft.

3. DMARC is the newest of the mail authentication mechanisms, having only started 2010. It allows an organisation to effectively authenticate its genuine emails, whilst also identifying fraudulent emails sent in its name and take action against them. It predominantly works by defining which email servers are allowed to send emails on behalf of the organisation. If an email passes the checks it is deemed legitimate and its delivery is ensured by the email service providers. If it fails these checks it is deemed fraudulent and is not delivered to the member of the public’s inbox.

4. Information on spotting phishing emails is available on the HMRC website

5. Suspicious emails can be sent to phishing@hmrc.gsi.gov.uk.

6. Suspicious SMS messages can be forwarded to 60599

7. The National Cyber Security Strategy 2016 to 2021: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021

8. The deadline for Self-Assessment returns is 31 January. If you are filing your 2014-15 Self-Assessment return online for the first time, you will need to register for SA Online. Registering for online filing is simple – visit GOV.UK: www.gov.uk/register-for-self-assessment.

9. Follow HMRC on Twitter @HMRCgovuk

10. HMRC's flickr channel www.flickr.com/hmrcgovuk

Related links

Topics

Categories


Issued by HM Revenue & Customs Press Office

HM Revenue & Customs (HMRC) is the UK’s tax authority.

HMRC is responsible for making sure that the money is available to fund the UK’s public services and for helping families and individuals with targeted financial support.

Contacts

HMRC Press Office

HMRC Press Office

Press contact 03000 585 018

HM Revenue & Customs (HMRC) is the UK’s tax authority

HMRC is responsible for making sure that the money is available to fund the UK’s public services and for helping families and individuals with targeted financial support.

HM Revenue & Customs (HMRC)
100 Parliament St
SW1A 2BQ London