In the past three months, Her Majesty’s Revenue and Customs (HMRC) received a total of 521,582 malicious emails, according to data acquired by the Parliament Street think tank.
From June to September, HMRC has been the recipient of more than 5,000 malicious emails per day on average, including spam messages, phishing attempts and malware-rigged communications.
Spam and junk messages accounted for 377,820 of the total 521,582, phishing made up 128,255 and the remaining 15,507 messages are said to have carried malware.
To make matters worse, the data suggests that attacks against HMRC are growing in frequency. In June, there were 115,585 attacks, rising to 153,992 in July and 175,227 in August.
In the first 10 days of September, meanwhile, the department recorded 76,778 attacks, which suggests the figure could have hit 230,000 by the end of the month.
For Andy Heather, VP at cybersecurity firm Centrify, an increase in attacks against HMRC isn’t much of a surprise, given hackers' perception of the institution as a “goldmine of personal and company data”.
And with the Covid-19 pandemic in the mix, forcing millions of people to work from home, the risk is even greater.
“It is therefore critical that organizations like HMRC have the necessary systems in place to verify that users are who they say they are, preventing third parties with stolen data from gaining access to critical information," Heather concluded.