HM Revenue and Customs (HMRC) demanded the removal of more than 20,000 malicious sites over the past year, as its efforts to protect taxpayers from scams gained momentum.
The UK tax office claimed it had helped deactivate a record 20,750 sites, a 29% increase from the previous year.
According to the National Cyber Security Centre, HMRC is the government’s most abused brand, as scammers look to trick taxpayers into responding to phishing emails and texts offering ‘tax refunds’ and other bogus claims.
HMRC also claimed that its implementation of the DMARC protocol in November 2016 has stopped a staggering 500 million phishing emails reaching their intended recipients, while an ongoing pilot begun in April 2017 has led to a 90% reduction in people reporting spoof HMRC-related texts.
Fake HMRC sites are also created to drive calls to premium-rate phone numbers for services the tax office offers for free. By tackling this problem, HMRC claimed it has saved taxpayers £2.4m.
However, users need to stay vigilant and help by reporting phishing incidents, it urged.
Financial Secretary to the Treasury, Mel Stride, said the government is determined to stop the criminals who abuse the trust placed in ministers.
“HMRC is cracking down harder than ever, as these latest figures show. But we need the public’s help as well,” he added. “By doing the right thing and reporting suspicious messages you will not only protect yourself, you will protect other potential victims.”
Despite these best efforts, some parts of the public sector remain woefully under-protected.
An Agari report from 2017 claimed that just 1% of the NHS domains the vendor analyzed were covered by DMARC.
The protocol can be expensive and time-consuming to implement, with legacy and heterogeneous NHS IT systems making the process potentially even more challenging.
Under-25s are more than twice as likely to be caught out by phishing attacks as those over 55, according to Get Safe Online research.