Skip to main content

HMRC calls public to arms against fraudulent email

HM Revenue and Customs (HMRC) has urged the public sector to work together to solve the problem of fraudulent email.

Speaking at the Whitehall Media GovSec event last week, the Department’s head of cyber security and response Edward Tucker explained the steps his team have taken to tackle this issue.

Tucker claims that spam email is not just an annoyance, it can seriously hurt public sector organisations.

“We are losing the ability to use email because spam degrades it as a communication channel,” he told the audience.

To give some context to his speech, Tucker explained that the UK is the world’s number one for the wrong thing – the UK has three times as many spam emails with harmful links in them compared to the US and five times more in comparison with Germany.

As a result of this, said Tucker, UK users of public services have learnt to mistrust emails, adding that it is difficult to become digital by default while your brand is under attack and therefore, pre-emptive steps are essential.

There are a number of steps HMRC has taken to try and limit the number of emails received that claim to be from the Department.

It has begun to purchase all domains that could be interpreted as linked to the organisation, for example or with the aim of preventing anyone else registering them for criminal purposes.

“We Don’t Send Emails”

HMRC has also been trying to attempt to communicate that it does not send emails to the users of its services so that people immediately know any email claiming to be from the organisation is a phishing attack.

“The decision has yet to be finalised, but it HMRC is looking at ways of using secure emails and links which will have to be backed up with an innovate education to enable taxpayers to identify legitimate emails from HMRC,” claimed Tucker.

Since implementing security measures to try and prevent UK citizens receiving emails claiming to be from HMRC, the Department claims 94% of fraudulent email is binned by ISPs (Internet service providers) before it hits a mail box.

According to Tucker, this is not 100 per cent simply because some small ISPs do not adhere to the rules.

Tucker concluded by urging all government Departments to work together in fraud prevention initiatives because the problem affects everyone.

© (opens in new tab)