HMRC bans nearly 300 Covid-19 phishing scam sites since March

Hackers exploiting Coronavirus pandemic with fake websites, emails, and text messages designed to tick individuals into handing over personal financial data, according to data obtained by under FOI legislation

by Patrick Sullivan, Political Editor on 6 May 2020 12:17


Her Majesty's Revenue and Customs (HMRC) has formally asked Internet Service Providers (ISPs) to remove 292 scam web addresses exploiting the Coronavirus outbreak since 23rd March, according to official figures.

The data, obtained under the Freedom of Information (FOI) Act, revealed that of the 292 sites removed, 237 were proactively identified and requested for removal by HMRC independently, with the remaining 55 flagged by members of the public.

HMRC also disclosed that it had identified a total of 62 active phishing scams related to Covid-19 since March, with the majority in the form of text message scams. Two weeks ago it was revealed that a scam email purporting to be from HMRC was in circulation advertising the government’s Coronavirus Job Retention Scheme.

The email, which used official HMRC branding and was authored to ‘Jim Harra, first permanent secretary and chief executive of HMRC’ and asked business owners to hand over bank account details.

Cyber expert Andy Harcup, VP, Absolute Software told The Commentator, “With millions of people working remotely during the lockdown, hackers are creating increasingly sophisticated email and text message scams designed to trick individuals into handing over confidential data. We’ve already seen a huge rise in phishing attacks purporting to be from key government initiatives such as the Coronavirus Job Retention Scheme, asking for bank account details and other personal information.

Harcup continued, "It’s vital that during this difficult time companies and workers remain vigilant; checking the legitimacy of all emails and ensure that they have the necessary security systems in place to identify these threats and prevent cyber criminals from exploiting vulnerable people during the Covid-19 outbreak.”

Tim Sadler, CEO, Tessian added, “During the Covid-19 outbreak, we've seen opportunistic hackers continually taking advantage of the fact that people will be searching for more information and guidance on how to adjust to the new normal, in attempts to make their phishing scams all the more effective. All too often these email scams are incredibly realistic, purporting to be from trusted organisations or authorities like HMRC, to convince people into complying with requests - whether that's handing over personal bank account details, phone numbers and passwords. "It’s vital that companies and employees are made fully aware of these threats, particularly at a time with high levels of remote working, with many people in isolation and at a much greater risk of being defrauded.

"Key tips to stop scammers include, being careful to share any personal information online as well as being wary of unsolicited emails asking for urgent information. It’s also critical to avoid sharing financial details or personal information with unfamiliar websites. And if you're still not sure, call HMRC directly to verify the legitimacy of their message," concluded Sadler. 

blog comments powered by Disqus