HMRC Scammers steals £47m in phishing fraud targeting 100,000 taxpayer accounts
The tax authorities revealed that scammers stole £47 million from HM Income and Customs (HMRC), which revealed fraudulent access to more than 100,000 taxpayer accounts using phishing strategies.
Mass fraud was exposed at a hearing of the Treasury Choice Committee, with senior HMRC officials coming to criticism for failing to notify members of Congress earlier. According to the department, the criminal used the stolen personal details to mimic the taxpayer and demanded false tax discounts to transfer funds for legal claims.
HMRC stressed that this is not a cyber attack or data breach of its internal systems, but a complex case of identity theft. Criminals use phishing methods (people were tricked into giving up personal information) to create new online tax accounts in the name of the victim.
“It’s unacceptable to take a lot of money,” HMRC deputy CEO Angela MacDonald told MPs. She added that many affected people never created online tax accounts and were unaware of their goals.
HMRC CEO John-Paul Marks said the organization has since identified the damaged account and locked it. “We have taken significant action to intercept the incident,” he said. “We identified the misused account, closed it and have been working to identify the real customers.”
Despite the scale of fraud, HMRC said no individual taxpayer directly lost money. All affected customers are being contacted to confirm that their accounts are now secure and that they do not need to take further action.
However, members of Congress expressed concern about the lack of prior warnings on the scale of the issue. Finance Committee Chairman Dame Meg Hillier said she only learned about fraud from news reports. She said clearly at the hearing: “If you are going to show up before the committee, it is recommended that the Council recommend such things.”
She added: “Money is obtained by criminals. By penetrating digital systems. Many people would think it is cybercrime, but you define it.”
Ms. McDonald explained that as the fraud response from the HMRC intensified, the scammers adapted their tactics. “They are moving their own Mo [method of operation]She said. “Cleaning accounts and making sure we are dealing with real customers, not fraudsters is a challenge.”
She confirmed that HMRC had reported the incident to the Information Commissioner and acted on its recommendations. “We are in an environment where every organization faces some sort of cyber threat,” she said. “It’s an ongoing effort for systems we invest in trying to go beyond criminals.”
While HMRC insists that it has taken extensive steps to secure its system, next week’s government spending review is expected to include brand new funding for HMRC’s digital defense, after concerns over online fraud.
These scams highlight the growing risks of digital tax systems as criminals leverage complex identity fraud and phishing techniques to manipulate government platforms. The HMRC confirmed that the case has now become part of an ongoing criminal investigation and was arrested last year.
