Skip to main content

HMRC blocked 500,000 phishing emails in 2015

(Image credit: Image Credit: wk1003mike / Shutterstock)

HM Revenue and Customs (HMRC) has revealed that during 2015 it was able to prevent half a billion phishing emails intended to steal personal and financial information from reaching UK taxpayers.

HMRC attributes a great deal of its success in preventing phishing emails to it being the first government department to fully implement the domain based message authentication, reporting and conformance (Dmarc) protocol. It is now mandatory for all public sector departments to implement Dmarc as a result of the National Cyber Security Centre's (NCSC) new active cyber defence programme (ACD) and the success that HMRC has had will likely encourage other departments to speed up their own implementation of it.

The NCSC aims to have all departments implement the Dmarc protocol as quickly as possible to aid it in eliminating the threat of malicious emails that appear to users as official ones sent from the government.

The head of HMRC, Edward Tucker, explained how Dmarc has helped the agency protect UK citizens in a blog post, saying: “With Dmarc, we can now stop almost all of these from ever reaching our customers' inboxes.  To be able to have such a dramatic effect in reducing the threat to our customers is a huge achievement.

“We have already managed to reduce phishing emails by 300 million in 2016 through spearheading the use of Dmarc. In the first six months of 2016, they responded to more than 300,000 phishing referrals from customers. They've also instigated the takedown of more than 14,000 fraudulent websites that were attempting to harvest customer data.

“These figures represent record levels of performance and demonstrate HMRC's continued dedication to protecting our customers.” 

Image Credit: wk1003mike / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.