skip to Main Content

At The Identity Organisation, we're here to help!

If you have any questions, just contact us by mail or phone and a member of our team will be in contact with you.

Contact Us Anytime

Our ears and inbox are always open (or at least Monday-Friday, from 9am-5pm).

Mercury House
19-21 Chapel Street, Marlow,
Bucks, SL7 2HN

+44 (0) 1628 308038

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038

    HMRC Hit by Multiple Phishing and Spam Emails

    Phishing and Email Scams

    Her Majesty’s Revenue and Customs (HMRC) received over 521,582 malicious emails over the past three months.

    According to data obtained by think tank Parliament Street, an average of over 5000 spam, phishing and malware attacks were recorded by the organization in the three month period between June and September, while spam and junk made up the largest proportion of attacks, contributing 377,820 of the total 521,582 recorded by HMRC.

    Another 128,255 emails were classified as phishing, and the remaining 15,507 attacks were said to contain malware.

    Chad Anderson, senior security researcher at DomainTools, pointed out HMRC has always been one of cyber-criminals’ favourite organizations to impersonate.

    “After all, what better way to create a sense of urgency or a desire to engage with the email in a potential victim than to pretend to be a tax collection agency, either threatening action or offering a rebate?,” he said. “The other reason why HMRC is so convenient for threat actors to impersonate is the wealth of information that people necessarily and readily share with this entity.”

    Anderson said it was unsurprising that the attacker would try to cut the middleman, and attempt to breach HMRC itself, whose systems are a treasure trove of personal identifiable information. “As always, cybersecurity training remains the best way to reduce the risk posed by these malicious emails. Clearly, HMRC’s security team must have been doing a good job in the past three months if all of these emails were blocked and identified as malicious.”

    Dean Ferrando, lead systems engineer (EMEA) at Tripwire, agreed the best preventive measure is education, as by educating the workforce to stop clicking on malicious emails or links will reduce the risk of an attack greatly.

    “Phishing is a preferred choice for attackers as they target the user’s emotional connection to their data, and with the rise of Bitcoin, it has become a lucrative way to make money,” he said.

    Javvad Malik, security awareness advocate at KnowBe4, said phishing is the most favoured attack technique used by criminals, and the response to the COVID-19 outbreak has provided a ripe environment for criminals to take advantage of, by both trying to scam the general public, and finding loopholes in the tax system.

    “As such, it becomes even more important for there to be a robust layered security strategy in place where technical controls are deployed alongside effective user security awareness and training,” Malik said.

    Attackers are constantly adapting their techniques to stay ahead of improved security technology. New-school security awareness training can give your employees the knowledge they need to avoid falling for these attacks.

    With thanks to the Cyber Defence Alliance and InfoSecurity Magazine. The full story is here:

    Request A Demo: Security Awareness Training


    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defence. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

    Back To Top