HMRC issues warning over stolen ID data

“Sophisticated criminal gangs” behind spate of identity hijacks; investigation ongoing as HMRC warns people to be careful with sensitive ID details. Technology correspondent Jon Wilcox reports. Online fraud is nothing new for HMRC; phishing scams claiming to be from Her Majesty’s Revenue & Customs have flooded email inboxes since the government department’s creation back in 2005. The government department today issued a warning to agents and individuals to protect their security information, in light of a new fraud whereby criminals make fraudulent claims through the use of intercepted passwords and identification details.

Continued...

» Register now

The full article is available to registered AccountingWEB members only. To read the rest of this article you’ll need to login or register.

Registration is FREE and allows you to view all content, ask questions, comment and much more.

Comments

and have managed to get hold of a small number of users’ details

Anonymous | | Permalink

the sheer brass neck of these people is unbelievable.

They disseminate stuff by careless and lax security - which is people, not process, dependent - and by allowing it to be exported to foreign places by their third-party suppliers - AND you have no legal right to restitution of damage caused by their cavalier attitude.

Each subsequent pontification they issue on security leaves one increasingly breathless at their sanctimoniousness - soon all the breath will be gone.

Pot

Anonymous | | Permalink

Kettle

Etc.

Right then

neil.reddin | | Permalink

So when someone claiming to be from HMRC phones us, and we ask them to provide three items of client information "for security reasons", they won't object?

Is online dangerous anyway?

Anonymous | | Permalink

I think we all have to accept that most of us are not computer experts when it comes to this sort of fraud. Of course we have Norton etc. installed and we update it, but we aren't really up to the IT standards of these professional criminals. Better surely for them to review the practice of increasingly compulsory online filing of returns until this is sorted out and stop refunds that are not by cheque to the address of the taxpayer that has been recognised for at least 12 months by the Revenue (or after warnings have been sent to the previous addresses held that a change of registered address has been notified and a specified delay). At least then we would have cctv of people paying these cheques in and a much reduced chance of fraud. Automation is cheaper and easier - but this the price that comes with it.

It's a tax on stupid people

dogsbreath | | Permalink

Tax Refund Notification

After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of 188.50 GBP. Please submit the tax refund request and allow us 2-3 days in order to process it.

Click [Here] to submit you tax refund request

Note : A refund can be delayed a variety of reasons, for example submitting invalid records or applying after deadline.

Best Regards

HM Revenue & Customs

And the link resolves to (spaces added to disable it)....
h-t-t-p:// www .n-w-m. org/ event_images/ www_hmrc_gov_uk_accessibility _www_hmrc_gov_uk_accessibility_tax_refundportal/ Short_United/ index.php

What makes the above look dodgy? If you can't answer that question then you've failed the test. Please switch off the computer, put it back in the box and return it to the shop where you bought it from. That way the rest of us don't need to listen to your why-ning about your machine being full of viruses and miscellaneous malware.

How they did it

rosataylor | | Permalink

We had the experience.

They stolen our user ID, and changed our password at 10 in the evening.
They process tax returns at 5am. Each tax returns took them 2 minutes to process.
Process tax returns, claim a repayment received a repayment and opened a bank account at Barclays in two munutes.

If Agents do this our repayments takes minimun 10 days to get.

It is not just Inland Revenue that are involved. Barlays bank too. They also opened a bank account for each client to
receive and take the money.

We told the Revenue but no one ask us the bank details. I know they can not stop the payment going through as they have already done so.
But at least stop the payment coming out of each bank account. There must be thousands fraudulent bank account floating at the moment.
Sort code starts in 20.

Security

rosataylor | | Permalink

We have all those known security before every one blame us.