HMRC Records 73% Growth in Email Phishing Attacks During #COVID19

The UK’s HMRC detected a 73% rise in email phishing attacks in the six months that the COVID-19 pandemic struck the country, according to official data obtained following a FOI request by accountancy firm Lanop Outsourcing.

It revealed that from March to September 2020, there was an average of 45,046 email attacks per month in the UK. This compares to an average of 26,100 in the two months preceding the introduction of COVID-19 lockdown measures, in January and February. In total, HMRC revealed it had received 367,520 reports of phishing email attacks during 2020 up to September.

During the six months since the start of lockdown, September had the largest monthly quantity, at 57,801 cases, while August experienced the lowest, at 38,096.

Additionally, HMRC reported 199,621 cases of phone scams and 58,921 SMS referrals during this period. Interestingly, phone and text scams were at their lowest point in the first full month of lockdown, in April, with 425 and 2515 cases reported, respectively. This could be due to cyber-criminals focusing on email phishing attacks to take advantage of the shift to home working at this time.

Phone and SMS scams began to grow again when lockdown restrictions were first lifted in the UK in June, with phone scams steadily rising to reach a peak of 46,015 in September.

Steve Peake, UK systems engineer manager, Barracuda Networks, commented: “Interestingly, Barracuda’s own data recently unveiled a similar pattern of cyber-attacks facing regular businesses, with our researchers observing a 667% spike in spear-phishing attacks from February to March, as a direct result of coronavirus. Similarly, other sectors, such as education, have also observed an upward trend of COVID-19 related phishing attacks during our battle against the virus.

“As the pandemic continues, businesses must anticipate COVID-19 themed attacks to increase in quantity. It’s also worth noting that cyber-attacks and scams aren’t just contained to email messages, SMS-based phishing attacks, or ‘Smishing,’ and fraudulent phone calls also pose a serious threat to consumers, workers and the general public.”

Mohammad Sohaib, director at Lanop Outsourcing, added: “Cyber-criminals have not missed a trick when it comes to using the devastating coronavirus to lure unknowing victims into leaking their own private information, such as passwords and payment details, via a phishing scam.

“In one such example, scammers impersonated HMRC to trick business owners into believing that their VAT deferral application, a key government support initiative during the pandemic, had been rejected. They would then redirect victims to a website with official HMRC branding, before stealing credit card details.”

Last month it was revealed that HMRC recorded 521,582 malicious emails between June and September.

What’s Hot on Infosecurity Magazine?