HMRC Takes Down 20,000 Malicious Websites
HMRC has reported it has taken down more than 20,000 malicious websites during the past year, however, is warning people to remain vigilant as phishing scams continue to rise.
HM Revenue and Customs (HMRC) reports that more than 20,000 malicious websites were taken down over the past 12-months, a marked increase of nearly 30% on the previous year.
In total, 20,750 suspicious or malicious websites have been taken down, compared to the approximately 16,000 websites in 2016/17. Despite this success, HMRC is urging the public to stay alert and report any potentially fraudulent correspondence.
Taxpayers are at risk of losing substantial amounts of money to fraudsters if they are not properly informed on potential scams such as email phishing.
Genuine email correspondence from organisations such as banks or HMRC will never contact people out of the blue and ask for sensitive information such as their PIN, password or bank details. Despite this, a significant number of people across the UK fall victim to scams every year.
HMRC advises that people never give out private information, download attachments in suspicious emails or click on lines they were not expecting. People are advised to contact organisations such as Action Fraud immediately if they suspect they may have been subjected to scams.
Tackling Cyber Crime
HMRC says it has introduced cutting-edge technology to tackle cyber crime and target fraudsters, trialling new tech which identifies phishing texts with ‘tags’ that suggest they are from HMRC or other organisations – ultimately stopping them from being delivered. Since the pilot began in April 2017, HMRC has reported a 90% reduction in people reporting spoof texts.
In November 2016, the department also implemented its verification system, Domain-Based Message Authentication, Reporting and Conformance (DMARC), which ensures emails are verified and from a genuine source. This system has stopped a staggering half-a-billion phishing emails from reaching customers.
DMARC is the internet standard that is used to allow domain owners to have more control over who can use their email addresses as ‘from’ addresses.
Over £2.4 million has also been saved by preventing fraudsters from tricking customers into using premium-rate telephone numbers. These numbers often incur extortionate charges for a service that HMRC offers for free.
Scammers are known to create websites that mimic the official HMRC website and direct members of the public to fake contact details.
Mel Stride MP, the Financial Secretary to the Treasury, says that HMRC’s crackdown on fraudulent activity is “harder than ever” but customers should still take steps to protect themselves.
He said: “The criminals behind these scams prey on the public and abuse their trust in government. We’re determined to stop them.
“HMRC is cracking down harder than ever, as these latest figures show. But we need the public’s help as well. By doing the right thing and reporting suspicious messages you will not only protect yourself, you will protect other potential victims.”
Clear and Present Danger
Professor Bill Buchanan OBE, Head of Edinburgh Napier University’s Cyber Academy, told Digit that Phishing techniques have the potential to do enormous damage to both individuals and organisations, with only one successful attempt potentially snowballing out of control.
He said: “Phishing is still the top target for scammers, and it just needs one person to give away their login details and it can compromise a whole organisational structure.”
Additionally, Buchanan said that fraudsters are continuing to evolve and change their methods as new defence mechanisms are introduced; seizing on the popularity of certain products and companies.
“Recent phishing emails have become more targeted and can often run at a time when the user might be expecting emails from organisations. Common ones are now related to Netflix and Amazon Prime subscriptions, where users get tricked into thinking that they are being charged for services their do not have (or being overcharged).”
He added: “In terms of blocking the emails, there are many tricks that the scammer can use in order to obfuscate the email so that it isn’t detected by the email filter. This includes scrambling the characters in the email within code and also encrypting the email so that it is unencrypted when shown in a browser.”