Romanian police have arrested 13 people believed to have been behind a phishing campaign on HM Revenue and Customs (HMRC) that cost millions in bogus tax refunds.
The men and women, aged between 23 and 53, are suspected of having stolen data then used to submit millions of pounds worth of fraudulent PAYE claims, as well as VAT repayments and child benefit payments.
The arrests were carried out by criminal investigators from HMRC, together with more than 100 Romanian police officers, in the Romanian counties of Ilfov, Giurgiu, and Calarasi.
“These arrests show we work across borders with our international partners to combat tax crime in all its forms. We have a number of live criminal investigations, and we are grateful to our Romanian partners for their support," said Simon Grunwell, operational lead in HMRC’s Fraud Investigation Service.
“We have already acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we continue to work with other law enforcement agencies both in the UK and overseas to bring those responsible to justice.”
Two other men, aged 27 and 36, were arrested in Bucharest in November on suspicion of cyber crime and fraud offences, with investigations still ongoing.
Last month, HMRC revealed that scammers had apparently netted £47 million by compromising around 100,000 taxpayer accounts. The tax office revealed a 38-year-old man has been arrested in Preston, apparently in connection with that attack.
“This was organized crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account,” said HMRC chief executive, John-Paul Marks.
What happened with the HMRC campaign?
The attack, which took place last year, was only revealed in June - drawing criticism from treasury select committee chair Dame Meg Hillier, who told HMRC that its failure to report details of the breach was ‘unacceptable’.
HMRC said it wrote to those affected in June and that it had locked down affected accounts and deleted login credentials - including Government Gateway user ID and passwords - to prevent future unauthorized access.
The tax office also revealed it removed any incorrect information from tax records.
"Tax scams are one of the biggest risks to citizens in the UK as criminals are adopting tactics to make them highly convincing, often using a mix of emails, post and SMS to send out fraudulent comms," said William Wright, CEO of Closed Door Security.
"The correspondence often looks genuine and it takes a very savvy consumer to question its authenticity, especially as criminals often hijack on key tax dates, such as the self-assessment deadline in January."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Logitech says zero-day attack saw hackers copy 'certain data' from internal IT systemsNews The incident is believed to have formed part of a campaign by the Clop extortion group that targeted customers of Oracle’s E-Business Suite
-
Google wants to take hackers to courtNews You don't have a package waiting for you, it's a scam – and Google is fighting back
-
Laid off Intel engineer accused of stealing 18,000 files on the way outNews Intel wants the files back, so it's filed a lawsuit claiming $250,000 in damages
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
