Romanian police have arrested 13 people believed to have been behind a phishing campaign on HM Revenue and Customs (HMRC) that cost millions in bogus tax refunds.
The men and women, aged between 23 and 53, are suspected of having stolen data then used to submit millions of pounds worth of fraudulent PAYE claims, as well as VAT repayments and child benefit payments.
The arrests were carried out by criminal investigators from HMRC, together with more than 100 Romanian police officers, in the Romanian counties of Ilfov, Giurgiu, and Calarasi.
“These arrests show we work across borders with our international partners to combat tax crime in all its forms. We have a number of live criminal investigations, and we are grateful to our Romanian partners for their support," said Simon Grunwell, operational lead in HMRC’s Fraud Investigation Service.
“We have already acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we continue to work with other law enforcement agencies both in the UK and overseas to bring those responsible to justice.”
Two other men, aged 27 and 36, were arrested in Bucharest in November on suspicion of cyber crime and fraud offences, with investigations still ongoing.
Last month, HMRC revealed that scammers had apparently netted £47 million by compromising around 100,000 taxpayer accounts. The tax office revealed a 38-year-old man has been arrested in Preston, apparently in connection with that attack.
“This was organized crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account,” said HMRC chief executive, John-Paul Marks.
What happened with the HMRC campaign?
The attack, which took place last year, was only revealed in June - drawing criticism from treasury select committee chair Dame Meg Hillier, who told HMRC that its failure to report details of the breach was ‘unacceptable’.
HMRC said it wrote to those affected in June and that it had locked down affected accounts and deleted login credentials - including Government Gateway user ID and passwords - to prevent future unauthorized access.
The tax office also revealed it removed any incorrect information from tax records.
"Tax scams are one of the biggest risks to citizens in the UK as criminals are adopting tactics to make them highly convincing, often using a mix of emails, post and SMS to send out fraudulent comms," said William Wright, CEO of Closed Door Security.
"The correspondence often looks genuine and it takes a very savvy consumer to question its authenticity, especially as criminals often hijack on key tax dates, such as the self-assessment deadline in January."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Paying down technical debt is a problem that won't go away for businessesColumn How can CIOs find the time and funds to modernize applications and reduce the money they spend on legacy IT?
-
OVHcloud just launched a new ‘environmental impact tracker' so enterprises can keep tabs on their cloud footprintNews The updated tool from OVHcloud looks to provide more detailed insights on cloud usage
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaosNews Thousands of ransomware cases have already been posted on the dark web this year
-
Ingram Micro cyber attack: IT distributor says system restoration underway – but some customers might have to wait for a return to normalityNews Ingram Micro is gradually getting back on its feet after a recent cyber attack severely disrupted systems.
-
M&S chair calls for mandatory reporting of cyber attacks after "traumatic" ransomware incident – but will it do more harm than good?News M&S chair Archie Norman has called for mandatory reporting amid claims two large UK companies were hacked without any public knowledge.
-
Arrests made in hunt for hackers behind cyber attacks on M&S and Co-opNews The suspects remain in custody for questioning by officers from the NCA's National Cyber Crime Unit
-
Ransomware attacks carry huge financial impacts – but CISO worries still aren’t stopping firms from paying outNews Increased anxiety over ransomware links directly to its devastating impact on business processes and one’s bottom line
-
‘The worst thing an employee could do’: Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problemNews More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
Developers face a torrent of malware threats as malicious open source packages surge 188%News Researchers have identified more than 16,000 malicious open source packages across popular ecosystems
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'News The Hunters International ransomware group is rebranding and switching tactics
