scam-3933004_1280-1-e1560165850435

A Freedom of Information (FOI) request from a think tank revealed that HMRC received over 2.6m reports of phishing in the past three years.

From 2016-2019 HM Revenue & Customers (HMRC) received a total of 2,602,528 reports of phishing via email, phone and other methods, according to Parliament Street.

The tax year 2016/17, HMRC received the highest number of reports (921,000), whilst the tax year 2018/19 HMRC received 897,649 reports, a 15% increase on the previous year

The most popular phishing scam was tax rebate messages with a total of 1,957,003 being reported to HMRC, followed by scams via text messages (150,009). The number of phone scams reported has increased at an alarming rate, from just 407 in 2016/17 to 104,774 reports in 2018/19.

The FOI data provided insight into those who admitted to disclosing financial details, with 10,647 taxpayers in 2016/17. However, the number of taxpayers disclosing financial details has decreased since, with a success rate of less than 1%. This signals a growing awareness among consumers about protecting their personal data.

Another encouraging statistics is the number of phishing websites reported to HMRC that have been removed: 50,323 over the three years.

Tim Sadler, chief executive of Tessian said:

“What we see happening here with HMRC is happening across the board. Impersonation phishing attacks are on the rise as cyber criminals think up new ways to encourage people to share personal data or transfer money.

“And what better way to convince an individual to share information than to impersonate a position of trust and authority?

“The problem is that the digital world has altered the way trust develops online. Without the typical behavioural cues we use when physically interacting with a person, it becomes easier for hackers to manipulate people’s trust and increase the believability of a message or online persona. Hackers are also making their messages more convincing.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.