With HMRC warning about new scams aimed at persuading people to hand over personal information or money, the government has unveiled a plan to tackle financial scams and frauds which have become increasingly difficult to spot. Following a recent serious ransom attack that targeted the payroll data of several major organisations, keeping up with alerts and taking care of your data is more important than ever.
One recent HMRC scam consists of text messages claiming that the recipient’s national insurance number has been used in a fraud, while others promise tax rebates.
The number of such scams has increased dramatically over the past few years. According to the National Cyber Security Centre, HMRC was the third most spoofed government body in 2022, behind the NHS and TV Licensing.
Tax credit claimants are being particularly targeted at the moment, with tens of thousands of fake websites purporting to give information about tax credits. HMRC has alerted claimants to be on guard for scam communications that falsely appear to come from HMRC. Typical scams include:
- emails or texts claiming an individual’s details are not up to date and that they risk losing out on payments they are due;
- emails or texts claiming that a direct debit payment has not ‘gone through’;
- phone calls threatening arrest if people do not immediately pay fake tax owed;
- emails or texts offering spurious tax rebates or bogus grants or support.
There has also been a surge in fraudsters impersonating Insolvency Service employees. The scammers target victims of investment scams who have already lost money and ask for upfront fees to help these victims get their money back. In reality the Insolvency Service never asks for advance fees.
Other criminals have stolen personal data of employees of several large companies including the BBC through a cyber attack on third-party payroll and human resources software. The data lost includes national insurance numbers, dates of birth, home addresses and bank details. The attack highlights the difficulty any organisation has in ensuring that suppliers providing critical services are cyber secure. Companies that outsource their payroll or any other sensitive operations should encrypt any data being transferred and apply password protection with the password provided separately.
The government has recently unveiled a strategy for tackling scam texts, emails, phone calls and adverts, which, it says, now make up 40% of all crime. Among the proposals are:
- A new National Fraud Squad (NFS), with over 400 specialist investigators, will pursue “the most sophisticated and harmful fraudsters” and fraud will be made a priority for the police.
- Cold calling on all financial products will be banned and criminals will be prevented from being able to send scam texts in bulk.
- It will be harder for fraudsters to ‘spoof’ UK phone numbers to make it look like they are calling from a legitimate business.
- Reporting scams will be made easier.
However, there is much that individuals and businesses can do to protect themselves against fraud. One way of spotting an email scam is to examine the sender’s email address. For example, genuine government emails will always come from a gov.uk email address. Messages from banks and other financial organisations will never request passwords and other personal information. Don’t follow links in emails or texts.
Working from home is another risk area. Ideally, to minimise leaks of sensitive data, staff working out of the office should only do so within office-based computer systems and, ideally, using corporate computers and phones, although this inevitably comes at a cost. Personal WhatsApp and email accounts should not be used for work, and vice versa. Passwords must be secure and changed regularly. Businesses should consider using professional help to review their ways of working.