Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

HMRC Fights Back Against the Smishers

The HMRC is claiming victory against the scammers in the busy run-up to the UK Self Assessment tax deadline, saying it stops 90% of the most convincing “smishing” texts reaching their intended recipients.

Although the tax office did not clarify what qualified as the “most convincing” texts, it claimed that it has saved thousands of taxpayers from potential phishing scams sent via mobile channels. Reports of scam HRMC texts have dropped from over 5000 in March 2017 to fewer than 1000 in December, it said.

Often these fake texts spoofed to appear as if sent by the HMRC claim the recipient is due a rebate and need only click on the link to recover it.

However, that link could lead to a phishing site designed to harvest personal information, or even begin a malware download.

HMRC claimed individuals are nine times more likely to fall for a so-called smishing scam than a phishing email because they can appear more convincing, with the sender displaying only as “HMRC” rather than an actual number.

The revenue collection agency claimed the tech it now uses identifies fraudulent texts with “tags” and stops them from being delivered.

This comes in addition to its implementation of DMARC which HMRC said has already blocked over 300 million phishing emails spoofed in its name, plus moves to remove 16,000 phishing websites.

The outreach comes as part of Take Five To Stop Fraud Week which aims to raise public awareness of digital scams.

Also this week, security awareness platform provider KnowBe4 revealed research into six million employees across 11,000 US organizations in multiple sectors.

It found that insurance company employees were the most likely to fall for phishing emails (33%) followed by those in the manufacturing industry (31%).

Large business services organizations apparently had the lowest “phish-prone benchmark” at 19%.

What’s Hot on Infosecurity Magazine?