HM Revenue and Customs is investigating more than 10,000 reports of phishing scams since March, as criminals seek to exploit the COVID-19 pandemic.

Official data obtained by Lanop Accountancy Group, via a Freedom of Information request, revealed that HMRC is probing 10,428 email, SMS, social media and phone scams.

The highest number of phishing scams occurred in May, with 5,152 reports to HMRC from members of the public and businesses, up from just 133 in March - a rise of 337 per cent. June also saw a surge in scams with 2,558 reports, followed by 2,105 in April.

The data showed that a total of 106 Coronavirus-related websites have been requested for removal by HMRC since March, with 42 such requests made by HMRC to Internet Service Providers in April, followed by 24 in May and 17 in March.

In June, it was reported that HMRC asked Internet Service Providers (ISPs) to remove 292 scam web addresses exploiting the Coronavirus outbreak since the beginning of the lockdown on 23 March.

In one scam, victims were sent a text message purporting to be from HMRC informing the recipient they were due a tax refund which can be applied for online via an official looking site that uses HMRC branding and is entitled “Coronavirus guidance and support”.

The fake site then asks for several pieces of the user’s sensitive information before also requesting their passport number as ‘verification’ – a new aspect of the scam previously discovered by Griffin Law.

Another scam targets those using the government’s Self-Employment Income Support Scheme, offering a bogus tax rebate.

The latest text message informs the victim they are eligible for a tax refund and directs them to a website which then leads to a realistic imitation of the HMRC government site. A form on the site then asks for the individual’s email address, postcode and HMRC log-in details.

Another scam exploits the government’s Coronavirus Job Retention Scheme with a phishing email scam purporting to be from HMRC, designed to steal personal information. The email, which uses official HMRC branding, purports to be from Jim Harra, first permanent secretary and chief executive of HMRC, in an attempt to get business owners to reveal their bank account information.

Chris Ross, senior vice president at Cyber Security firm Barracuda Networks, said: “With HMRC offering a range of financial support packages for businesses and individuals during the pandemic, it’s no surprise that hackers have chosen to exploit the crisis in an effort to cash-in on COVID-19.

“These scams are often cleverly designed with official branding are incredibly realistic, coaxing unsuspecting victims to hand over confidential information such as bank account details, usernames and passwords.

"With many people still working remotely for the foreseeable future, it’s vital that businesses ensure each and every member of staff is properly trained to spot these kinds of scams and the necessary cyber security systems are in place in place to identify and block suspected malicious communications, before it reaches the inbox.”

Share Story: