HM Revenue and Customs (HMRC) has stepped up the war against scammers. It is claiming to have: “averted over a million visits to deceptive websites, including those which promote misleading and costly helpline numbers.” This is a significant result but it still has much more to do.
HMRC’s Director for Customer Services, Angela MacDonald, said: “HMRC takes the abuse of its brand very seriously. Attempts to dupe customers in this way won’t be tolerated and we will always act to protect the public from malicious or misleading websites.”
What has HMRC done?
Quite a bit. It has long been an easy target for scammers who try and redirect users to their websites. They claim to offer additional and easy to use services to make dealing with HMRC quicker and easier. The problem is that they rarely do anything but charge a fee for passing on data that sits on the HMRC website. They get away with this because HMRC has a poor track record when it comes to website usability.
Among the things it has done are:
- Monitoring search engines for sites that offer help with HMRC such as VAT, phone numbers and information.
- Taking over 75 sites promoting premium rate, non-HMRC numbers. Visitors are now redirected to HMRC.GOV.UK to get contact numbers and other information.
- Requested the removal of over 200,000 malicious websites in the last year.
- Published new information on how to spot scams and phishing emails.
All of this is good news for customers. Tax scams and phishing emails have been a major challenge for the UK Government. When Ciaran Martin was appointed head of the National Cyber Security Centre he identified fake emails pretending to come from GOV.UK as a serious issue. Since then the government has been trying to stop them with limited success. Every major tax date sees a lot of these emails hitting users inboxes.
It is not just personal tax emails. Emails about fake VAT refunds are also pretty common with the scammers keen to gain access to VAT details from businesses. They then use these in scams leaving businesses to pick up the costs.
What does this mean
Blocking one million redirects and taking over sites giving out fake data is a success for HMRC. Anything that cuts down the scams that target businesses and individuals is important. It will be interesting to see what comes next. The earning potential for these sites means that they will just keep popping up. It will be interesting to see if any of this results in convictions through the courts.
In parallel to this the NCSC has targeted fake GOV.UK emails. Many of these are tax related. When you put the two things together there is a definite sense of joined up cyber security around government beginning to emerge.
Making Tax Digital and everything being filed online are challenging for many SMEs. They are particularly at risk of being scammed. Micro businesses struggled with the VAT Mini One Stop Shop scheme (VAT MOSS). Those that didn’t regularly read the HMRC site were completely unprepared when this came in. It opened a door for scammers and cyber criminals who exploited it. One of the reasons they were unaware of the change is that HMRC no longer posts out details of changes. By shifting the emphasis to the consumer of its services, HMRC has enabled many of the criminals it is now trying to stop.
With Brexit looming large there will be other big changes to the tax system that will impact businesses and individuals. HMRC needs to not only step up this successful campaign but also look at how it can minimise the risk to its customers.