Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

New Wave of HMRC Scam Calls Hits UK

Security experts are warning of a new HMRC scam using a threatening automated message in a bid to trick taxpayers into paying a ‘fine.’

The scam calls appear designed to cash-in on the busy end-of-year period in the UK where taxpayers look to get their affairs in order before the self-assessment deadline at the end of January.

The automated message reveals the presumably fictitious name of an HMRC officer and extension number, before warning “the issue at hand is extremely time sensitive.”

“If you do not call us back or we do not here from your solicitors, either, then get ready to face the legal consequences,” it continues.

Comparitech attempted to call the number back in order to find out more information, but did not receive a response as of time of writing,” explained the vendor’s privacy advocate, Paul Bischoff.

“However, other people who have reported the same message from the same number say they were asked to pay upwards of £3000 in taxes. If they did not pay immediately, the scammer told them, that figure would increase 20-fold by the end of the day.”

Another variation on the scam apparently features a message claiming HMRC agents are watching the victim’s property and only a payment will prevent them from raiding it.

Victims were urged to report any scam phone numbers to Action Fraud, and HMRC-related phishing/vishing attempts to its own dedicated unit.

“If you receive a call claiming to be from the HMRC, search the phone number on the HMRC’s official website. If the number doesn’t come up, it’s probably a scam,” argued Bischoff.

“Scammers often attempt to instill a sense of urgency in victims to make them slip up. The real HMRC will not make threats over the phone, legal or otherwise, that require immediate action.”

The HMRC is one of the UK’s most phished organizations, which is partly why the National Cyber Security Centre’s active cyber defence (ACD) initiative was launched. It aims to take down phishing sites and use DMARC protocol to block phishing emails from getting through to end users.

What’s Hot on Infosecurity Magazine?