Controls prevent phone fraudsters spoofing HMRC
The tax authority has put an end to fraudster’s mimicking its most recognisable helpline numbers to dupe taxpayers and steal money.
New defensive controls deployed by HM Revenue and Customs (HMRC) have put an end to fraudster’s spoofing the tax authority’s most recognisable helpline numbers.
Fraudsters have increasingly mimicked legitimate HMRC helpline numbers (often beginning with 0300) to dupe taxpayers and steal money. Last year alone, HMRC received over 100,000 phone scam reports.
The ‘spoofing’ scam worked as taxpayers would receive calls and, on checking the numbers online, would find they appeared to belong to HMRC. This often led people to believe fake calls were real and enabled fraud.
The new controls, created in partnership with the telecommunications industry and Ofcom, will prevent spoofing of HMRC’s most used inbound helpline numbers and are the first to be used by a government department in the UK.
Criminals may still try and use less credible numbers to deploy their scams – but that means they will be easier to spot.
Financial Secretary to the Treasury, Jesse Norman MP, yesterday said:
This is a huge step forward in the fight against phone fraud.
HMRC’s new controls will help to protect thousands of hardworking taxpayers and their families from these heartless criminals.
Vigilance will always be important but this is a significant blow to the phone cheats.
Head of Action Fraud, Pauline Smith, yesterday said:
Phone calls are one of the top ways for fraudsters to make contact with their victims. Between April 2018 and March 2019, one in four phishing reports made to Action Fraud were about fraudulent phone calls.
It is encouraging to see that these newly developed controls by HMRChave already achieved a reduction in the number of calls spoofing genuine HMRC numbers. If you believe you have fallen victim to a fraudster, please report it to Action Fraud.
Since the controls were introduced in April this year, HMRC has reduced to zero the number of phone scams spoofing genuine inbound HMRC numbers. This has resulted in the tax authority already receiving 25% fewer scam reports against the previous month.
HMRC will continue to work with network providers to eradicate fraudulent numbers that are reported, and during the last 10 months has requested the removal of over 1,050 numbers from being used by scammers.
Criminals often target the elderly and vulnerable using HMRC’s brand as it is well known and adds credibility to a fraudster’s call, though this will now be significantly harder to do.
HMRC will only ever call you asking for payment on a debt that you are already aware of, either having received a letter about it, or after you’ve told us you owe some tax, for example through a Self Assessment return. Changes the department makes this month also mean you will never have to read aloud your card details to an operator.
If anyone is ever in doubt about who they are speaking to, check the number and end the call. You can contact HMRC using one of the helpline numbers or online services available from GOV.UK.
Statistics on HMRC phone scams
HMRC has seen an increasing number of phone scams against UK taxpayers:
- 2016 to 2017: 407 reports
- 2017 to 2018: 7,778 reports
- 2018 to 2019: 104,774 reports
How to spot a scam
Thanks to HMRC’s controls, scammers will now be forced to use much less credible looking numbers but you should still be vigilant as scammers may try spoof other numbers. Our advice for avoiding phone scams is:
- recognise the signs - genuine organisations like banks and HMRC will never contact you out of the blue to ask for your PIN, password or bank details
- stay safe - don’t give out private information, reply to text messages, download attachments or click on links in emails you weren’t expecting
- take action - forward details of suspicious calls claiming to be from HMRCto firstname.lastname@example.org and texts to 60599, or contact Action Fraud on 0300 123 2040 or use their online fraud reporting tool if you suffer financial loss
- check GOV.UK for how to avoid and report scams and recognise genuine HMRC contact
- listen to an example of what a phone scam sounds like on Twitter
- if you think you have received an HMRC related phishing or bogus email or text message, you can check it against examples.
More of HMRC’s other action against scams
In the last year, HMRC identified 3,441 phishing scams before they were reported thanks to proactive intelligence work. During the same period, HMRC requested the takedown of 12,366 phishing websites.
From June 2019, callers paying tax or debts over the phone to HMRC will enter their payment details via their phone keypad instead of supplying this verbally over the phone. The operator will remain on the call throughout while the card details are processed via the system but will not be privy to the customer’s secure information.
In 2016, HMRC identified a significant increase in customers receiving malicious ‘HMRC’-branded texts in 2016, and with the phone industry, piloted controls that resulted in a 90% reduction in reports of these scams. The evidence from that pilot provided the basis for Mobile Ecosystem Forum introduce a product that could be used by other mobile phone network operators.
HMRC has deployed technical controls that have so far stopped around half a billion phishing emails from ever reaching our customers’ inboxes and reduced reported instances of HMRC-branded phone text scams by 90%.
HMRC’s partners in developing these controls
Mobile UK – the trade association for the UK’s mobile network operators.
Mobile Ecosystem Forum – global trade body for mobile networks.
Telecommunications UK Fraud Forum (TUFF) – telecom industry body identifying and addressing issues in tackling fraud and crime.
Ofcom – official regulator for broadcast, telecommunications, postal services and airwaves.
ActionFraud is the UK’s national fraud and cyber crime reporting centre.
We provide a central point of contact for information about fraud and cyber crime.
The easiest way to report fraud and cyber crime is by using our online reporting tool.Report
Latest News from
How to protect yourself if you think you've been affected by the EasyJet cyber breach20/05/2020 14:43:00
Advice and guidance if you think you have been affected.
Man pleads guilty to sending Covid-19 scam text messages following DCPCU investigation19/05/2020 13:20:00
Intelligence work by the DCPCU and Action Fraud identified that the suspect was involved in sending large-scale ‘smishing’ text message campaigns.
Cyber experts shine light on online scams as British public flag over 160,000 suspect emails07/05/2020 14:15:00
In just over two weeks, the public has passed on more than 160,000 suspect emails.
Animal lovers looking for pets in lockdown defrauded of nearly £300,000 in two months06/05/2020 10:20:00
Criminals continue to take advantage of the coronavirus pandemic to commit fraud, as a scam involving the purchase of pets, such as puppies and kittens, continues to be reported to Action Fraud.
Fraudsters send victims own passwords in sextortion scam24/04/2020 16:33:00
Over 9,000 reports received so far in April.
Businesses Against Scams: Protecting businesses from COVID-19 scams24/04/2020 12:38:00
'Businesses Against Scams' launched by the National Trading Standards.
Public embraces email reporting service created after spike in coronavirus-related scams23/04/2020 13:20:00
As part of the Cyber Aware campaign, the NCSC successfully launched its suspicious email reporting service (SERS), resulting dozens of malicious web campaigns shut down in its first day after spike in coronavirus phishing scams.
Public urged to flag coronavirus related email scams as online security campaign launches22/04/2020 10:20:00
Cross-governmental ‘Cyber Aware’ campaign launched, which offers actionable advice for people to protect passwords, accounts and devices.