cuts scam emails by 300m through new cyber security initiative
HMRC has successfully reduced the
number of phishing emails its customers receive by 300 million this year, better
protecting taxpayers from fraud and identity theft.
This is a significant decrease in the ? a billion phishing emails sent to
customers alleging to be from an:- '@HMRC.gov.uk' email address in both 2014 and
2015, and shows the progress the department is making in tackling these types of
Discussing the achievement, HMRC's Head of Cyber Security, Ed Tucker, said:-
"Phishing emails are a major focus for our Cyber Security Team. They're more
than just unwanted messages; they are a means by which criminals look to exploit
members of the public and gain access to their personal and financial data. This
in turn can lead to fraud and identity theft.
By introducing a new level of security, we've been able to tackle these threats
head on and almost all attempts to scam taxpayers by pretending to be from an HMRC email address will now fall flat. The added security this brings will be
invaluable, especially at this time of year when many customers are busy using
their online Personal Tax Account to submit their Self Assessment returns."
The achievement has been made possible through HMRC's implementation of the
email authentication protocol Domain-based Message Authentication, Reporting and
Conformance (DMARC). The security process works by determining which email
servers are allowed to send emails on behalf of the organisation. If an email
passes the checks it is deemed legitimate and delivered. If it fails then it is
deemed fraudulent and is not delivered.
Ed Tucker, who recently won the Security Professional of the Year award at the
UK IT Industry Awards, added:- "While this does not mean a complete end to HMRC based phishing, it has taken hundreds of millions of scam messages out of
circulation and will make criminals' emails look far less legitimate, giving our
customers a much better chance of spotting them."
As one of the first departments to apply the DMARC control, HMRC is now at the
forefront of contributing to the delivery of the Active Cyber Defence Programme;
an essential part of the National Cyber Security Strategy.