View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 8, 2016updated 04 Sep 2016 10:28pm

Hackers using phishing to cash in on 9m tax returns

News: Login details used to make fraudulent tax rebate claims.

By Charlotte Henry

Cyber criminals are hacking into online tax return accounts on the Revenue and Customs (HMRC) website, and are using the accounts to steal money by making false tax refund claims.

Millions of tax payers were on the receiving end of phishing emails claiming to be from HMRC in the run up to the self assessment tax deadline on 31st January 2016.

HMRC claims to have withstood around 17000 attempted fraudulent and incorrect claims totalling £100m during the last year. A spokesperson for HMRC told CBR that its computer systems have not been breached.

"Our online services have not been hacked and remain secure. We take our obligations around protecting customer data extremely seriously and have systems in place to review suspicious activity and monitor access to accounts. It’s only right that when appropriate we contact taxpayers and any agents acting to alert them to any concerns."

On Sunday 7th February 2016 the Sunday Times reported that one of its journalists had had their account hacked, and criminals had claimed tried to steal £1,826 using a false tax repayment claim. In this case the HMRC identified the transaction as potentially fraudulent.

Journalist Jackie Annesley said: "If the taxman is being hacked I cannot trust any bank or financial service."

The risk of self assessment tax accounts being hacked has been known for some time. HMRC found over 17,000 suspicious transactions amounts the 3.4m returns it checked in 2015, trying to claim a total of more than £96m.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

In January 2016 CBR reported that a cyber attack resulting in mass data theft could cost HMRC £13bn in compensation to victims. The reputational damage to HMRC from a cyber attack would also be highly significant.

The personal data linked to a Tax return data is highly valuable to cyber criminals. It contains details such as a person’s banking history, their financial history, employment details, date of birth, and their address.

HMRC itself conceded to the Sunday Times that login details to online tax return accounts are "like gold dust to fraudsters" due to the level of data associated with them.

Having such information could allow cyber criminals to conduct very high level indentity theft, allowing them to things as advanced as take out a mortgage in their victim’s name.

The government has tried to improve cyber security around tax returns, bringing in the Gov.UK verify portal, which provides multi-factor authentication.

Nine million people are thought to have submitted their tax return online prior to the deadline.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.