Combating scamming: the latest threat to HMRC customers
I’m Donald Wooller. I work in the Customer Protection team at HMRC. In support of Scam Awareness month, I’d like to share details about one of the lesser known scams we’re currently dealing with.
I’ve previously blogged about SMiShing where criminals try to steal people’s money or data, usually by asking them to click on a link in a text message and give out their card details. Clearly this is criminal behaviour, but what I want to talk about today is more of a grey area.
Here’s a scenario:
A local plumber, let’s call him Steve, is in the middle of his Self Assessment tax return, when he gets called out on a job. He has a question about his tax return that’s niggling him, so while he’s walking to his van he Googles ‘HMRC helpline’ and without paying too much attention, he clicks a link, hits ‘call’ and connects the phone up to his car system so he can speak and drive. A genuine HMRC customer service advisor picks up and he gets his question answered, but a couple of weeks later, when his phone bill arrives, he sees he’s been charged £14.80 for the call.
Steve has been scammed. HMRC’s contact numbers are charged at local rate and will be free for most mobile phone users.
We call them ‘scammers’ as they’re not technically breaking the law, but definitely have questionable morals. These scammers set up misleading websites designed to make customers pay for services which should be free, or low cost. They may claim to be HMRC or to be affiliated with HMRC and provide premium rate numbers which put customers through to our genuine helplines, but at a high cost, which the scammers then pocket for themselves.
I’m part of a designated team within HMRC, which actively looks for such misleading sites. We work with a third party domain management company to take the most misleading cases through the ‘Dispute Resolution Service’ to challenge the use of our trademark. If we win the case the domain is then transferred to us, and we retain it in our portfolio of ‘protected domain names’, which means it’s not available to scammers. We then set up a redirect to GOV.UK, which we’ve done three million times since we became aware of the problem. So far we have recovered over 100 domains and not lost a case!
Saving the public money
By successfully challenging the ownership of the call connection services masquerading as official websites we’ve taken them out of the hands of cheats and saved the public an estimated £2.4 million.
Our advice is, always go to GOV.UK to find our genuine contact details. Type the address www.gov.uk directly into the browser to make sure you’re in the right place. In the meantime, we’ll keep working on protecting our customers against any form of cyber scam.
Donald Wooller, Customer Protection Team
The above content is available under the Open Government Licence v3.0