“Sophisticated criminal gangs” behind spate of identity hijacks; investigation ongoing as HMRC warns people to be careful with sensitive ID details. Technology correspondent Jon Wilcox reports.

Online fraud is nothing new for HMRC; phishing scams [1] claiming to be from Her Majesty’s Revenue & Customs have flooded email inboxes [2] since the government department’s creation back in 2005. The government department today issued a warning to agents and individuals to protect their security information, in light of a new fraud whereby criminals make fraudulent claims through the use of intercepted passwords and identification details.

In a bid to reassure agents and individuals alike of its own security measures, HMRC issued the following statement:

“Our IT and online systems remain safe and secure. Criminals however constantly target computer users with viruses and phishing attacks and have managed to get hold of a small number of users’ details and passwords and made fraudulent claims for tax repayments.”

 “We are working closely with the people affected and the police to tackle the threat of this kind of organised e-crime, and we urge all our customers to take extra care with passwords and other forms of identification.” The statement continued: “There is no reason to believe that the users’ security details that have been used fraudulently were obtained from HMRC.”

HMRC issued guidance to tax agents this afternoon, which included a list of security steps PC users should take to protect their personal systems (anti-virus software, personal firewall, anti-spyware, regular password changes), together with a list of steps the department uses to protect the online tax system. The guidance reiterated: “Only a few agents have been affected so far and HMRC is working with them and the police to tackle the problem. Investigations to date have confirmed that there has been no breach of HMRC’s security systems, so a priority is to identify how the criminals obtained the information. The main risk involves the stealing of identity or access details.”

AccountingWEB.co.uk spoke with representatives from HMRC about how widespread the issue has become, given today’s warning and advice. “The investigation is ongoing,” said a spokesperson. “We just want customers both agents and individuals to be careful with their personal and client information and IT kit.”

One AccountingWEB.co.uk member has already been affected the latest fraud; you can follow the debate with other members on the 'Lost Inland Revenue password [3]' thread.  If you think you've been affected by the fraud, contact HMRC through this email address [4].