Scammers have defrauded HM Revenue and Customs (HMRC) of £47 million through phishing tactics to access over 100,000 taxpayer accounts, according to the organisation. The fraud was disclosed during a Treasury Select Committee hearing, where HMRC officials were criticised for not informing MPs promptly. Criminals used stolen personal data to impersonate taxpayers, claiming false tax rebates to divert funds from legitimate claims.
HMRC emphasised that this was not a cyber attack on its systems but a case of identity theft. Phishing techniques were used to set up new online tax accounts in victims’ names, exploiting people into providing personal information. Angela MacDonald, HMRC’s deputy chief executive, described the fraud as “very unacceptable” and noted that many affected individuals had never established online tax accounts, remaining unaware that they were targeted.
John-Paul Marks, HMRC’s chief executive, stated that the organisation has now identified and secured the compromised accounts, working to verify the identities of genuine customers. Despite the incident’s scale, HMRC assured that no individual taxpayers had directly lost any money. Affected customers are being informed about the security of their accounts, with no further action required on their part.
MPs voiced concerns about HMRC’s lack of prior notification of the issue’s magnitude, with Dame Meg Hillier, chair of the Treasury Committee, learning about the fraud through media reports. She criticised HMRC for not updating Parliament sooner. Angela MacDonald explained that as HMRC intensified its fraud response, scammers adjusted their methods. The department confirmed reporting the incident to the Information Commissioner and is acting based on their advice.
As HMRC continues to fortify its systems, additional funding is expected from the government’s forthcoming spending review, aiming to bolster HMRC’s digital defences amid increasing online fraud concerns. The scam underscores the rising threats to digital tax systems, as criminals utilise advanced phishing and identity fraud tactics. The incident is under active criminal investigation, with arrests made last year, HMRC confirmed.
For further information, you can read the full article on [Business Matters](https://bmmagazine.co.uk/news/hmrc-scammers-stole-47m-in-phishing-fraud-targeting-100000-taxpayer-accounts/).
