HM Revenue & Customs (HMRC) is preparing to block all phishing emails, numbering around half a billion a year, that are sent with the intention of stealing financial and personal data or installing malware, before they reach the inboxes of UK taxpayers.
The tax body is the only government department thus far to fully implement the domain-based message authentication, reporting and conformance (Dmarc) protocol. Implementing Dmarc is compulsory for bodies in the public sector under the active cyber defence (ACD) programme driven by the National Cyber Security Centre (NCSC).
Using semi-automated methods, ACD is designed to combat a significant percentage of cyber attacks in the UK.
The plan is largely designed to repair underlying protocols related to infrastructure, find and prevent malicious activity, boost email security, encourage innovative methods of online authentication, filter out any malicious domains, and assist critical national infrastructure and the government with their security practices.
The NCSC aims to see all departments executing Dmarc sooner rather than later to eradicate malicious electronic communication that recipients might mistakenly believe comes from the government.
Head of cyber security for HMRC, Edward Tucker, said:
“With Dmarc, we can now stop almost all of the [500 million phishing emails a year seen in 2014 and 2015] from ever reaching our customers’ inboxes.
“To be able to have such a dramatic effect in reducing the threat to our customers is a huge achievement.”
Tucker said that HMRC is acknowledged as being a common target for phishing, with the most infamous campaign being the ‘Tax Refund Notification’.
He said:
“The resultant customer compromise [by phishing emails disguised as such notifications] leads to onward fraud against financial institutions and identity theft.”
To make phishing emails appear authentic, cyber criminals spoof legitimate HMRC domains in the sender address, with @HMRC.gov.uk being the most common.
Tucker said that the security team at the tax body is looking to combat this problem by adding security controls to HMRC domains on a gradual basis.
He added:
“We have already managed to reduce phishing emails by 300 million in 2016 through spearheading the use of Dmarc.”
Dmarc allows HMRC, as well as email providers, to recognise fraudulent emails pretending to be sent from a genuine HMRC domain and prevent delivery to their customers.
Tucker said that the protection team at HMRC continues to benefit from innovative methods designed to tackle these threats.
It is evident why cyber criminals would target an organisation such as HMRC. It is also worrisome, however, that an organisation holding a database as large as HMRC's is being attacked in this way. Businesses in the UK are not getting off lightly either, with constant headlines being written about major firms being targeted by hackers. This explains why cyber security staff are so important to the modern company. However, while awareness of the dangers of cyber crime is increasing, there is still an insufficient number of cyber security jobs being created. This needs addressing if the UK is to get to grips with these threats.









