Cyber-attacks on HMRC jumped 73% during COVID lockdown

HMRC reported a ‘staggering’ 367,520 reports of phishing email attacks during 2020 so far, with a sharp rise in incidents occurring since the UK went into lockdown in March.

According to accountancy firm’s Lanop Outsourcing’s Freedom of Information findings, HMRC faced an average of 26,100 phishing attacks in January and February, but soared to 45,046 a month between March and September – representing a 73% increase.

The lowest number of attacks during the peak COVID period was in August, with a hardly-negligible nadir of 38,096 attacks. A month later, HMRC reported 57,801 cases in September, which represents the second highest monthly quantity for the year-to-date.

Speaking on examples of HMRC cyber-attacks, Lanop Outsourcing Director, Mohammad Sohaib, said: “In one such example, scammers impersonated HMRC to trick business owners into believing that their VAT deferral application, a key government support initiative during the pandemic, had been rejected. They would then redirect victims to a website with official HMRC branding, before stealing credit card details.”

“Unfortunately, we are likely to see the percentage of ‘successful’ scams to increase, as the sophistication and quantity of these attacks continues to surge. Combatting it requires constant online vigilance from business owners, consumers and internet users, as well as training and education around the threat facing them.”

In addition to email phishing attacks, HRMC reported almost 200,000 instances of phone scamming, as well as 58,921 text message cons. Mercifully, these number were at their lowest in April, at 425 and 2,515 instances respectively. Unfortunately, this was likely due to the fact that scammers anticipated people working from home, and opted for email scams instead (44,050 during the month).

Interestingly, when the UK came out of its first lockdown in June, the quantity of phone and SMS scams began soaring again, with the number of phone scams facing HMRC steadily inclining to a peak of 46,015 in September.

Concluding on the risk to HMRC and the general public, Barracuda Networks UK Systems Engineer Manager, Steve Peake, commented: “[Our researchers observed] a 667 per cent spike in spear phishing attacks from February to March, as a direct result of coronavirus. Similarly, other sectors, such as education, have also observed an upward trend of Covid-19 related phishing attacks during our battle against the virus.”

“As the pandemic continues, businesses must anticipate Covid-19 themed attacks to increase in quantity. It’s also worth noting that cyber-attacks and scams aren’t just contained to email messages, SMS based phishing attacks, or ‘Smishing’, and fraudulent phone calls, also pose a serious threat to consumers, workers and the general public.”