I’ve previously blogged about SMiShing where criminals try to steal people’s money or data, usually by asking them to click on a link in a text message and give out their card details. Clearly this is criminal behaviour, but what I want to talk about today is more of a grey area.
Here’s a scenario:
A local plumber, let’s call him Steve, is in the middle of his Self Assessment tax return, when he gets called out on a job. He has a question about his tax return that’s niggling him, so while he’s walking to his van he Googles ‘HMRC helpline’ and without paying too much attention, he clicks a link, hits ‘call’ and connects the phone up to his car system so he can speak and drive. A genuine HMRC customer service advisor picks up and he gets his question answered, but a couple of weeks later, when his phone bill arrives, he sees he’s been charged £14.80 for the call.
Steve has been scammed. HMRC’s contact numbers are charged at local rate and will be free for most mobile phone users.
We call them ‘scammers’ as they’re not technically breaking the law, but definitely have questionable morals. These scammers set up misleading websites designed to make customers pay for services which should be free, or low cost. They may claim to be HMRC or to be affiliated with HMRC and provide premium rate numbers which put customers through to our genuine helplines, but at a high cost, which the scammers then pocket for themselves.
I’m part of a designated team within HMRC, which actively looks for such misleading sites. We work with a third party domain management company to take the most misleading cases through the ‘Dispute Resolution Service’ to challenge the use of our trademark. If we win the case the domain is then transferred to us, and we retain it in our portfolio of ‘protected domain names’, which means it’s not available to scammers. We then set up a redirect to GOV.UK, which we’ve done three million times since we became aware of the problem. So far we have recovered over 100 domains and not lost a case!
Saving the public money
By successfully challenging the ownership of the call connection services masquerading as official websites we’ve taken them out of the hands of cheats and saved the public an estimated £2.4 million.
Our advice is, always go to GOV.UK to find our genuine contact details. Type the address www.gov.uk directly into the browser to make sure you’re in the right place. In the meantime, we’ll keep working on protecting our customers against any form of cyber scam.
Donald Wooller, Customer Protection Team
For guidance on identifying phishing sites, see our security pages on GOV.UK
Find out more about Scam Awareness Month
Follow us on Twitter @HMRCdigital
To make sure you don't miss any of our blog posts, sign up for email alerts