Romanian police have arrested 13 people believed to have been behind a phishing campaign on HM Revenue and Customs (HMRC) that cost millions in bogus tax refunds.
The men and women, aged between 23 and 53, are suspected of having stolen data then used to submit millions of pounds worth of fraudulent PAYE claims, as well as VAT repayments and child benefit payments.
The arrests were carried out by criminal investigators from HMRC, together with more than 100 Romanian police officers, in the Romanian counties of Ilfov, Giurgiu, and Calarasi.
“These arrests show we work across borders with our international partners to combat tax crime in all its forms. We have a number of live criminal investigations, and we are grateful to our Romanian partners for their support," said Simon Grunwell, operational lead in HMRC’s Fraud Investigation Service.
“We have already acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we continue to work with other law enforcement agencies both in the UK and overseas to bring those responsible to justice.”
Two other men, aged 27 and 36, were arrested in Bucharest in November on suspicion of cyber crime and fraud offences, with investigations still ongoing.
Last month, HMRC revealed that scammers had apparently netted £47 million by compromising around 100,000 taxpayer accounts. The tax office revealed a 38-year-old man has been arrested in Preston, apparently in connection with that attack.
“This was organized crime phishing for identity data outwith of HMRC systems, so stuff that banks and others will also unfortunately experience, and then trying to use that data to create PAYE accounts to pay themselves a repayment and/or access an existing account,” said HMRC chief executive, John-Paul Marks.
What happened with the HMRC campaign?
The attack, which took place last year, was only revealed in June - drawing criticism from treasury select committee chair Dame Meg Hillier, who told HMRC that its failure to report details of the breach was ‘unacceptable’.
HMRC said it wrote to those affected in June and that it had locked down affected accounts and deleted login credentials - including Government Gateway user ID and passwords - to prevent future unauthorized access.
The tax office also revealed it removed any incorrect information from tax records.
"Tax scams are one of the biggest risks to citizens in the UK as criminals are adopting tactics to make them highly convincing, often using a mix of emails, post and SMS to send out fraudulent comms," said William Wright, CEO of Closed Door Security.
"The correspondence often looks genuine and it takes a very savvy consumer to question its authenticity, especially as criminals often hijack on key tax dates, such as the self-assessment deadline in January."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Asus ProArt P16 reviewReviews With high-performance specs, a slick design, and a spectacular screen, this is a superb Windows device for serious creative work
-
Microsoft could be preparing for a crackdown on remote workNews The tech giant is the latest to implement stricter policies around hybrid working without requiring a full five days in the office
-
US federal judiciary agency hit by 'escalated cyber attacks' which exposed highly sensitive dataNews The agency says it plans to step up cybersecurity capabilities in the wake of the incident
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
Millions of Dell laptops are are at risk thanks to a Broadcom chip vulnerability – and more than 100 device models are impactedNews Widely used in high-security environments, the PCs are vulnerable to attacks allowing the theft of sensitive data
-
Cybersecurity teams are wasting time, money, and effort dealing with tool sprawl and ‘multi-vendor ecosystems’News Tool sprawl is a problem that just won't go away for security teams
-
AI breaches aren’t just a scare story any more – they’re happening in real lifeNews IBM research shows proper AI access controls are leading to costly data leaks
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
Bitdefender targets security gaps with new Cybersecurity Advisory ServicesNews The security vendor has launched a range of new services that include advisory retainers and strategic security guidance
-
‘Polyworking’ is a cybersecurity nightmare waiting to happenNews Particularly popular with Gen Z, so-called polyworking brings huge cybersecurity risks
