Keeping on top of scams,
fraud and cyber crime
With HMRC warning about new scams aimed at persuading people to hand over personal information or money, the government has unveiled a plan to tackle financial scams and frauds which have become increasingly difficult to spot. Following a recent serious ransom attack that targeted the payroll data of several major organisations, keeping up with alerts and taking care of your data is more important than ever.
One recent HMRC scam consists of text messages claiming that the recipient’s national insurance number has been used in a fraud, while others promise tax rebates.
The number of such scams has increased dramatically over the past few years. According to the National Cyber Security Centre, HMRC was the third most spoofed government body in 2022, behind the NHS and TV Licensing.
Tax credit claimants are being particularly targeted at the moment, with tens of thousands of fake websites purporting to give information about tax credits. HMRC has alerted claimants to be on guard for scam communications that falsely appear to come from HMRC. Typical scams include:
There has also been a surge in fraudsters impersonating Insolvency Service employees. The scammers target victims of investment scams who have already lost money and ask for upfront fees to help these victims get their money back. In reality the Insolvency Service never asks for advance fees.
Other criminals have stolen personal data of employees of several large companies including the BBC through a cyber attack on third-party payroll and human resources software. The data lost includes national insurance numbers, dates of birth, home addresses and bank details. The attack highlights the difficulty any organisation has in ensuring that suppliers providing critical services are cyber secure. Companies that outsource their payroll or any other sensitive operations should encrypt any data being transferred and apply password protection with the password provided separately.
The government has recently unveiled a strategy for tackling scam texts, emails, phone calls and adverts, which, it says, now make up 40% of all crime. Among the proposals are:
However, there is much that individuals and businesses can do to protect themselves against fraud. One way of spotting an email scam is to examine the sender’s email address. For example, genuine government emails will always come from a gov.uk email address. Messages from banks and other financial organisations will never request passwords and other personal information. Don’t follow links in emails or texts.
Working from home is another risk area. Ideally, to minimise leaks of sensitive data, staff working out of the office should only do so within office-based computer systems and, ideally, using corporate computers and phones, although this inevitably comes at a cost. Personal WhatsApp and email accounts should not be used for work, and vice versa. Passwords must be secure and changed regularly. Businesses should consider using professional help to review their ways of working.