Save content
Have you found this content useful? Use the button above to save it to your profile.

HMRC issues warning over stolen ID data

6th Aug 2009
Save content
Have you found this content useful? Use the button above to save it to your profile.

“Sophisticated criminal gangs” behind spate of identity hijacks; investigation ongoing as HMRC warns people to be careful with sensitive ID details. Technology correspondent Jon Wilcox reports.

Best of 09 WinnerOnline fraud is nothing new for HMRC; phishing scams claiming to be from Her Majesty’s Revenue & Customs have flooded email inboxes since the government department’s creation back in 2005. The government department today issued a warning to agents and individuals to protect their security information, in light of a new fraud whereby criminals make fraudulent claims through the use of intercepted passwords and identification details.

In a bid to reassure agents and individuals alike of its own security measures, HMRC issued the following statement:

“Our IT and online systems remain safe and secure. Criminals however constantly target computer users with viruses and phishing attacks and have managed to get hold of a small number of users’ details and passwords and made fraudulent claims for tax repayments.”

 “We are working closely with the people affected and the police to tackle the threat of this kind of organised e-crime, and we urge all our customers to take extra care with passwords and other forms of identification.” The statement continued: “There is no reason to believe that the users’ security details that have been used fraudulently were obtained from HMRC.”

HMRC issued guidance to tax agents this afternoon, which included a list of security steps PC users should take to protect their personal systems (anti-virus software, personal firewall, anti-spyware, regular password changes), together with a list of steps the department uses to protect the online tax system. The guidance reiterated: “Only a few agents have been affected so far and HMRC is working with them and the police to tackle the problem. Investigations to date have confirmed that there has been no breach of HMRC’s security systems, so a priority is to identify how the criminals obtained the information. The main risk involves the stealing of identity or access details.” spoke with representatives from HMRC about how widespread the issue has become, given today’s warning and advice. “The investigation is ongoing,” said a spokesperson. “We just want customers both agents and individuals to be careful with their personal and client information and IT kit.”

One member has already been affected the latest fraud; you can follow the debate with other members on the 'Lost Inland Revenue password' thread.  If you think you've been affected by the fraud, contact HMRC through this email address.


Replies (7)

Please login or register to join the discussion.

By User deleted
07th Aug 2009 12:27

and have managed to get hold of a small number of users’ details
the sheer brass neck of these people is unbelievable.

They disseminate stuff by careless and lax security - which is people, not process, dependent - and by allowing it to be exported to foreign places by their third-party suppliers - AND you have no legal right to restitution of damage caused by their cavalier attitude.

Each subsequent pontification they issue on security leaves one increasingly breathless at their sanctimoniousness - soon all the breath will be gone.

Thanks (0)
By User deleted
07th Aug 2009 12:54



Thanks (0)
By neil.reddin
07th Aug 2009 12:56

Right then
So when someone claiming to be from HMRC phones us, and we ask them to provide three items of client information "for security reasons", they won't object?

Thanks (0)
By User deleted
07th Aug 2009 13:25

Is online dangerous anyway?
I think we all have to accept that most of us are not computer experts when it comes to this sort of fraud. Of course we have Norton etc. installed and we update it, but we aren't really up to the IT standards of these professional criminals. Better surely for them to review the practice of increasingly compulsory online filing of returns until this is sorted out and stop refunds that are not by cheque to the address of the taxpayer that has been recognised for at least 12 months by the Revenue (or after warnings have been sent to the previous addresses held that a change of registered address has been notified and a specified delay). At least then we would have cctv of people paying these cheques in and a much reduced chance of fraud. Automation is cheaper and easier - but this the price that comes with it.

Thanks (0)
By dogsbreath
10th Aug 2009 12:37

It's a tax on stupid people
Tax Refund Notification

After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of 188.50 GBP. Please submit the tax refund request and allow us 2-3 days in order to process it.

Click [Here] to submit you tax refund request

Note : A refund can be delayed a variety of reasons, for example submitting invalid records or applying after deadline.

Best Regards

HM Revenue & Customs

And the link resolves to (spaces added to disable it)....
h-t-t-p:// www .n-w-m. org/ event_images/ www_hmrc_gov_uk_accessibility _www_hmrc_gov_uk_accessibility_tax_refundportal/ Short_United/ index.php

What makes the above look dodgy? If you can't answer that question then you've failed the test. Please switch off the computer, put it back in the box and return it to the shop where you bought it from. That way the rest of us don't need to listen to your why-ning about your machine being full of viruses and miscellaneous malware.

Thanks (0)
By rosataylor
11th Aug 2009 07:22

How they did it
We had the experience.

They stolen our user ID, and changed our password at 10 in the evening.
They process tax returns at 5am. Each tax returns took them 2 minutes to process.
Process tax returns, claim a repayment received a repayment and opened a bank account at Barclays in two munutes.

If Agents do this our repayments takes minimun 10 days to get.

It is not just Inland Revenue that are involved. Barlays bank too. They also opened a bank account for each client to
receive and take the money.

We told the Revenue but no one ask us the bank details. I know they can not stop the payment going through as they have already done so.
But at least stop the payment coming out of each bank account. There must be thousands fraudulent bank account floating at the moment.
Sort code starts in 20.

Thanks (0)
By rosataylor
11th Aug 2009 07:23

We have all those known security before every one blame us.

Thanks (0)