Government Gateway hacked?

What should you do if you think an attempt has been made to hack your government gateway account?


A client recently received 10 text messages at around midnight generated from attempts to access his government gateway account.

We have had this happen to several of our clients in recent months.

1.) Has any other accountant come across this?

2.) I'm concerned that a client's government gateway number has been obtained from somewhere. Can anything be done (can HMRC change the login details for example) and should it be reported to HMRC?

As always, thank you in advance

Replies (20)


By paul.benny
28th Nov 2023 11:29

It may be that Client has details saved on another computer (eg by signing into their Google account - that brings over saved passwords) and another person was thinking it was their account.

Thanks (0)
Replying to paul.benny:
By jmhjones1971
28th Nov 2023 15:37

Hi Paul - I hadn't thought of that.
However, the client works for a firm of solicitors and the same thing had happened to one of his colleagues (who isn't a client) at the same time.
This, to me, indicates that somebody has obtained their government gateway ID and is trying to gain access.
Also we are seeing this type of thing on a regular basis with other clients.
I guess someone is trying to get access to obtain key information so they can use it elsewhere.
I wondered if there is a way of changing the gov gateway login number, or if this attempted hack should be reported somewhere.

Thanks (0)
By Leywood
28th Nov 2023 11:39

Surely they have the added security of the 2 factor id set up?

Thanks (0)
Replying to Leywood:
By jmhjones1971
28th Nov 2023 15:31

Yes, they have second factor ID set up, so they are protected.
However, it is concerning that someone has obtained their ID in the first place (and it is happening often).
It is happening more and more - the client is a solicitor and the same thing had happened to one of his colleagues at the same time (the colleague is not a client of ours).
That is why I am wondering if there is an established reporting mechanism within HMRC.

Thanks (0)
Replying to jmhjones1971:
By FactChecker
28th Nov 2023 16:56

If client is a solicitor, then there's a News item today published by the BBC that (worryingly) *may* point at the source of the problem.

Since this site seems to get needlessly upset when a URL is posted ... try going to the 'bbc.co.uk/news/' page and find the 'business-67553706' story.
FWIW it's headed 'We don't know if we can complete on our new home'

Thanks (2)
Replying to FactChecker:
By jmhjones1971
28th Nov 2023 19:56

Thanks for that. I’ve found it and will forward it on.

Thanks (0)
By jonharris999
28th Nov 2023 15:51

These texts are phishes - they don't come from gov.uk

Thanks (0)
Replying to jonharris999:
By jonharris999
28th Nov 2023 15:52

Or should that be "phish" ?

Thanks (0)
VAT
By Jason Croke
28th Nov 2023 16:08

If a text is being received, that means someone has entered a correct User ID and password.

This suggests someone has both UserId and password or just the UserID and a stupid password that is easily guessed (such as "password").

So maybe change the password first?

You can also report this to HMRC via the online helpline https://www.gov.uk/guidance/keeping-your-hmrc-login-details-safe

The number of clients who have silly passwords or who don't care about security...when employees leave then this should trigger new passwords and mobile phone codes but how many just keep same password despite several staff leaving, etc.

Thanks (2)
Replying to Jason Croke:
By jmhjones1971
28th Nov 2023 19:57

Excellent advice. Thanks Jason

Thanks (0)
By pauld
29th Nov 2023 10:21

Does anyone know how to set up 2 step verification on the agent account (ASA and old agent account) when they are up and running without it?

Thanks (0)
By nrw2
29th Nov 2023 11:15

I spoke to HMRC and they said it's a known issue and no action is required.

They wouldn't go into the detail, but it sounds like more of a technical issue at their end rather than an account-specific breach / issue.

It's affecting a lot of users.

Thanks (3)
Replying to nrw2:
By Duggimon
29th Nov 2023 11:24

Great, thanks for coming on and letting us know, I made another thread about it before seeing this one, good to know it's not anything our end!

Thanks (0)
By AdShawBPR
30th Nov 2023 08:56

This is the message I received from HMRC about this issue:

Thank you for contacting HM Revenue & Customs and referring an e-mail sent from our ‘Government Gateway’ service. Please be aware that any replies to this mailbox are not monitored.

If you did not try to register for an account, you can safely ignore the message.

HMRC is aware of several customers receiving multiple unexpected emails regarding this issue which is currently being investigated.

If you have clicked on any links, or opened any attachments, we recommend you run your antivirus software as a matter of urgency and update any relevant passwords.

If you have disclosed any personal details to this scam, please forward a report to us at [email protected].

If you have disclosed any bank or card details, please contact your bank or card issuer immediately.

We recommend the National Cyber Security Centre’s 6 Top Tips to be Cyber Aware:

1. Create a separate password for your email

2. Create a strong password using three random words

3. Save your passwords in your browser

4. Turn on two-factor authentication

5. Update your devices

6. Turn on backup

For more information about what we do with the data you provide, please search GOV.UK for “HMRC Privacy Notice.”

Please continue to forward all suspicious DVLA & HMRC related e-mails / texts to [email protected]

Thanks (1)
Morph
By kevinringer
30th Nov 2023 09:34

This happened to me once, over a weekend when HMRC's helplines were closed. The banks use these texts and the banks have dedicated 24/7 hotlines to help customers. But HMRC thinks fraud etc only happens during HMRC opening hours. I had to wait until the Monday to speak to HMRC and when I did phone them they couldn't help because I could not quote my UTR because I was away from home on holiday and didn't have access to my records. I was eventually able to get hold of my UTR but then discovered no one in HMRC knew what to do about the possible hacking. I ended up reporting it to my professional body who took it up with HMRC, not that HMRC did anything about it. The problem persisted for several days, then stopped.

Thanks (0)
Debbie Franklin
By Debbie Franklin
30th Nov 2023 09:48

We had the same and contacted HMRC - response below:

Thank you for contacting HM Revenue & Customs and referring an e-mail sent from our ‘Government Gateway’ service. Please be aware that any replies to this mailbox are not monitored.

If you did not try to register for an account, you can safely ignore the message.

HMRC is aware of several customers receiving multiple unexpected emails regarding this issue which is currently being investigated.

If you have clicked on any links, or opened any attachments, we recommend you run your antivirus software as a matter of urgency and update any relevant passwords.

If you have disclosed any personal details to this scam, please forward a report to us at [email protected].

If you have disclosed any bank or card details, please contact your bank or card issuer immediately.

We recommend the National Cyber Security Centre’s 6 Top Tips to be Cyber Aware:

1. Create a separate password for your email

2. Create a strong password using three random words

3. Save your passwords in your browser

4. Turn on two-factor authentication

5. Update your devices

6. Turn on backup

For more information about what we do with the data you provide, please search GOV.UK for “HMRC Privacy Notice.”

Please continue to forward all suspicious DVLA & HMRC related e-mails / texts to [email protected]

Thanks (0)
Replying to Debbie Franklin:
Morph
By kevinringer
30th Nov 2023 11:26

Debbie, I think your response is about the recent problem of unexpected emails from HMRC confirming email addresses, whereas the OP was about unexpected texts being 2SV codes to access the online account.

Thanks (0)
Replying to Debbie Franklin:
Giraffe
By Luke
30th Nov 2023 14:26

We had the same late evening on Tuesday. I didn't click the links but did go onto HMRC and change my password just in case.

Thanks (0)
Replying to Luke:
By FactChecker
30th Nov 2023 14:57

"I didn't click the links" ... well done.

Some people don't realise that this isn't merely to prevent an immediate misdirection (classic phishing) - it can also be a form of 'data cleansing' by the miscreants. No immediate action, but putting a flag against the email address that (a) confirms it is valid/in use for this type of communication, and (b) is read by someone susceptible to such pseudo-officialese. Which of course gives them a much tighter (and therefore more valuable) list to sell on to those intent on harm.

Thanks (3)
By Inquisitive
30th Nov 2023 10:42

I received two batches of 4 emails, very HMRC look alike, entitled Government Gateway, and providing a confirmation code - exactly similar to the form of the two-stage verification process to confirm identity on login.
Spent a bit of time on the first batch to find a way to report because I was a bit worried that someone was trying to access my account. Eventually found "[email protected]" and was surprised to receive a reply that seemed not to be computer-generated, and was reassured. On receipt of the second batch to the same email address, I suddenly noticed that this was to an email address I have never used with HMRC - very similar but slightly different. I still wonder why a scammer would do this other than to waste HMRC and customer time. There was no request for info in the email, indeed the email stated: "If this email account is not shared, and you did not request this code, you need to contact HMRC." So this was a classic false email sent to random email addresses.

The only reason I have ever used the web for tax stuff is to report CGT. This is why I don't like to transmit highly confidential info via the web. I don't believe it is secure.

Thanks (0)