Shocked expression
HMRC says text-based scams are increasingly popular as tax deadlines approach iStock

HM Revenue and Customs (HMRC) says it has stopped thousands of taxpayers from receiving scam text messages in the past year, but security experts warn the public is still at risk.

The agency is working to raise awareness of potential fraud ahead of the self-assessment deadline of 31 January, a period when scammers will be out in force. Officials stressed that they will never contact customers who are due a tax refund by text message or by email.

Digital fraudsters posing as HMRC send text messages to unsuspecting members of the public and make false claims, such as suggesting they are due a tax rebate.

Messages will usually include links to websites which harvest personal information or spread malware.

Ultimately, this can lead to identity fraud and the theft of people's personal savings via further cyberattack.

Reports of this type of fraud have quickly increased in volume over the last few years, HMRC said. It noted that text message based scams are highly effective because they can appear to be legitimate. For example, texts can display 'HMRC' as the sender rather than a phone number.

HMRC began a pilot in April 2017 to combat these messages, using new technology to identify fraud texts with 'tags' that suggest it's from HMRC and stops them from being delivered.

Since the pilot began, there has been a 90% reduction in customer reports around the spoofing.

The initiative helped reduce reports of these scams from over 5,000 in March 2017, before the new programme was introduced, to less than 1,000 in December 2017. In the last 12 months, HMRC said that it successfully removed 16,000 malicious websites linked to phishing attacks.

"As email and website scams become less effective, fraudsters are increasingly turning to text messages to con taxpayers," said HMRC customer services director Angela MacDonald. "But as these numbers show, we won't rest until these criminals are out of avenues to exploit."

Working overtime

The department is working alongside the UK's National Cyber Security Centre (NCSC). Experts told IBTimes UK fraudsters will likely be working overtime as the tax deadline approaches.

"Scams and fraud always spike around large events such as holidays and tax season," said Lane Thames, senior security researcher at Tripwire. He added: "It's nice to see organisations such as HMRC implementing technologies to reduce the spread of scam-based messages.

HMRC plans to enforce tougher penalties for accountants and advisers who help their clients dodge taxes
HM Revenue and Customs, London Reuters

"However, technology can never stop all malicious activities and messages. As such, individuals must, unfortunately, stay mindful and vigilant when using digital services.

"When in doubt, simply look up the organisation online or make a call to verify the claim (do not use the contact information that was delivered to you).

"A little bit of precaution can go a long way in preventing phone, email and text scams."

Mark James, specialist at security firm ESET, commented: "When it comes to tax returns or indeed any type of interaction with HMRC, the scammers have every ingredient they need to deliver an effective attack method with a higher-than-normal chance of success.

"The end user is presented with something they are expecting from an organisation that they need to respond too, along with the perceived scare factor of not answering or cooperating."