Skip to content Skip to footer

HMRC phishing attacks skyrocket due to UK lockdown

HM Revenue & Customs has reported a staggering 367,520 reports of phishing email attacks during 2020, with data indicating a sharp rise in incidents after the UK went into its first lockdown in March.

This is according to official data obtained by accountancy firm Lanop Outsourcing, under the Freedom of Information (FOI) act, which specifically revealed that HMRC faced an average of 26,100 phishing attacks in January and February 2020, before soaring to an average of 45,046 attacks per month from March to September – a 73% increase.

The lowest recorded number of phishing attacks during March-September 2020, took place in August where just 38,096 attacks were detected by HMRC. However, this figure then soared to 57,801 cases in September – the largest monthly quantity all year.

As well as phishing attacks, HMRC also reported nearly 200,000 (199,621) cases of phone scams, and a further 58,921 reports of SMS (text message) scams.

The month which saw the lowest number of phone scams and SMS referrals was April, with just 425 and 2,515 of each respectively. This is likely due to the increasing amount of cyber criminals taking advantage of home workers via email phishing attacks (44,050 phishing scams were recorded in April).

 Interestingly, when the UK came out of its first lockdown in June, the quantity of phone and SMS scams began soaring again, with the number of phone scams facing HMRC steadily inclining to a peak of 46,015 in September.

 Steve Peake, UK Systems Engineer Manager, Barracuda Networks, commented, “Interestingly, Barracuda’s own data recently unveiled a similar pattern of cyber attacks facing regular businesses, with our researchers observing a 667% spike in spear phishing attacks from February to March, as a direct result of coronavirus. Similarly, other sectors, such as education, have also observed an upward trend of Covid-19 related phishing attacks during our battle against the virus.

“As the pandemic continues, businesses must anticipate Covid-19 themed attacks to increase in quantity. It’s also worth noting that cyber attacks and scams aren’t just contained to email messages, SMS based phishing attacks, or ‘Smishing’, and fraudulent phone calls, also pose a serious threat to consumers, workers and the general public.

“Combatting this threat cannot be achieved by simply relying on a single protection method. It’s important to utilise technology such as robust email security software, while also ensuring staff awareness of security and threats remains high through recurring training.”

Mohammad Sohaib, director, Lanop Outsourcing, added, “Cyber criminals have not missed a trick when it comes to using the devastating coronavirus to lure unknowing victims into leaking their own private information, such as passwords and payment details, via a phishing scam.

“In one such example, scammers impersonated HMRC to trick business owners into believing that their VAT deferral application, a key government support initiative during the pandemic, had been rejected. They would then redirect victims to a website with official HMRC branding, before stealing credit card details.

You may also like

Stay In The Know

Get the Data Centre Review Newsletter direct to your inbox.