Apparently 40% of British UK adults who have had spoof phishing emails from mischief makers claiming to be HMRC are ‘unconcerned’ about the risk of losing personal information.

The news comes from research from Miracl, who asked 1000 UK consumers a series of questions designed to reveal attitudes to online security. It turns out 20% of those questioned had already either suffered data theft or identity fraud, or know someone who had. Despite these shocking stats, and the rash of spoof HMRC emails sent out over 2015, most people are woefully unaware of the risks. Worse still, 48% said they ‘weren’t worried’ about losing personal and financial information through fraudsters pretending to be HMRC.

More worried about ecommerce and banking scams than HMRC spoofs

Oddly, in stark contrast, e-commerce make more of us nervous than anything, with 51% of those quizzed finding it a worry to buy stuff online, just in case our data gets nicked. And 36% of us worry about the safety and security of online banking.

According to Miracl CEO, Brian Spector, the confidence people place in being able to spot and avoid HMRC spam is particularly dangerous. The sheer volume and scope of personal and financial data available to steal from HMRC is unprecedented. If you fall for an authentic seeming spoof HMRC phishing email, you could be in real trouble, much more so than a spoof message regarding ecommerce or banking.

Why do we feel safer with HMRC?

Miracl say password-based log-in systems for government services are to blame for people feeling a lot safer than they actually should. But the mere act of creating a strong password doesn’t protect you from phishing.  They recommend better secure authentication systems, with multiple levels, that are too much of a challenge to hack, or simply too time consuming to bother trying.

Thankfully in spring 2016 the government plans to roll out  a new Verify service for users to log in to Gov.uk accounts, a combination of five-digit PIN tech plus a desktop or mobile-based software token for authentication.

Look out for HMRC phishing attacks in January

Tax agencies around the world tend to see more phishing and other scams at the times when tax accounts are due. Last year almost 25,000 different kinds of phishing emails were reported to HMRC and 611 scam sites shut down just before the tax credit renewal deadline. With the end of January the tax deadline for millions of UK self employed and sole trader taxpayers, you can expect to see an increase in spam emails through this month.

How to spot an HMRC phishing scam

  • Don’t open the email unless you’re 100% dread certain it’s from HMRC. Examine it safely in the ‘view’ window of your email software instead
  • Check for spelling mistakes. Spammers are notoriously bad at spelling
  • Look at the logo. If it’s fuzzy or poor quality, be suspicious
  • Is the language as good as you’d expect? If the way it’s written sounds wrong in any way, or the punctuation is incorrect, step away
  • Check the address and legal details against HMRC to make sure they match
  • Remember HMRC will never ask you for your login or other financial details via email

Do you have any useful warnings to add?

If you’ve been phished, how did they fool you? Leave a comment below to help us warn others.