Cybersecurity experts said that phishing is generally classified as a “social engineering attack” because it attacks people rather than systems.
HMRC lost £47 million after around 100,000 pay-as-you-earn (PAYE) tax accounts were compromised in an organised crime operation that began last year.
After the breach came to light, HMRC said it took steps to protect the affected accounts by locking them down, removing login credentials to prevent further unauthorised access, and removing incorrect information from tax records.
Authorities said the attack affected 0.22% of the PAYE population.
An HMRC spokesperson told The Epoch Times on Thursday: “We have acted to protect our customers after identifying attempts to access a very small number of tax accounts, and we are working with other law enforcement agencies, both in the UK and abroad, to bring those responsible to justice.
“This was not a cyber attack; it involved criminals using personal information from phishing activities, or data obtained elsewhere, to seek money from HMRC.
“We’re writing to those affected customers to help them secure their accounts and reassure them that they haven’t lost any money.”
HMRC added that it is not in a position to provide further details for operational reasons, but it confirmed that arrests have been made.
Information ‘Not Taken From HMRC’
“Phishing” is when a cybercriminal uses fraudulent emails, text messages, or phone calls that appear to come from trustworthy organisations to trick victims into taking certain actions, such as visiting websites that host malware or handing over personal information.
The revelation was published on Wednesday via the HMRC website, at the same time as senior HMRC officials were giving evidence to the Finance Committee.
HMRC CEO John Paul Marks said criminals used personal data obtained through phishing to pose as legitimate customers, and used that data to “create PAYE accounts to claim repayments and to use existing accounts.”
Angela McDonald, HMRC’s deputy chief executive and assistant secretary, said the information had been obtained from other sources and was “not taken from HMRC.”

File photo of a woman using a laptop while holding a bank card dated March 30, 2020. Tim Good/PA Wire
McDonald told the committee: “In many cases, customers didn’t realise that someone else was on the account, because there’s no reason to go to one; people who are just on PAYE, earning money, don’t have an online account.”
However, she added that there were cases of live accounts “where the criminals were able to get details and were logged in as clients.”
Asked how much money had been lost, McDonald said: “They were able to extract repayments to the tune of £47 million. That’s a lot of money and very unacceptable. We protected £1.9 billion of money that the attackers wanted to take from us.”
“Social Engineering Attacks”
HMRC officials reiterated during the committee meeting that what happened was not a cyber attack, with McDonald saying, “We were not hacked. Nobody extracted any data from us.”
Sean Webber, a penetration tester who simulates cyberattacks to identify vulnerabilities in a system, told The Epoch Times that phishing is generally classified as a “social engineering attack.”
“But there’s an overlap, because during phishing someone might be delivering a payload that exploits a particular vulnerability,” he said.
“This is definitely one of the most effective ways to get that first access,” said the cybersecurity expert, explaining how phishing is used to get inside a business.
“As companies spend a lot of time and effort securing their presence on the external internet, there is often no real way to gain access to the network from an external perspective, as those systems are segmented away from the internal network.”
He said that when a criminal sends a phishing email to an employee, that employee is already on the internal network, which gives the criminal an effective way to get a first foothold inside the company.
Webber said: “It isn’t the case that if someone gets onto an internal network it’s wide open. You’ll need to re-authenticate for each service you access.”
“For example, if you suddenly log in from an IP address that is different from the one you normally log in from, you will automatically be asked to re-authenticate, or your account will be locked or blocked,” the cybersecurity expert said.
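The control Webber describes, a login from an unfamiliar address triggering step-up authentication and repeated failures locking the account, can be illustrated with a small decision routine run over sample login events. This is an added example, not code from HMRC or from the article; the event records, the /24 network grouping and the failure threshold of three are constructed assumptions chosen for the illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample login events (not real HMRC data): each record is one
# authentication attempt with the user, the source IP and whether the
# credentials were correct.
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "203.0.113.10", "success": True},
    {"user": "alice", "ip": "203.0.113.12", "success": True},   # same /24 as before
    {"user": "alice", "ip": "198.51.100.7", "success": True},   # new network: step-up
    {"user": "bob",   "ip": "192.0.2.44",   "success": True},
    {"user": "bob",   "ip": "192.0.2.44",   "success": False},
    {"user": "bob",   "ip": "192.0.2.44",   "success": False},
    {"user": "bob",   "ip": "192.0.2.44",   "success": False},  # third failure: block
]

# Assumed policy: three consecutive failed attempts lock the account.
FAIL_THRESHOLD = 3


def network_of(ip):
    """Group an address into its surrounding network (/24 for IPv4, /48 for
    IPv6) so that a neighbouring address on the user's usual network does not
    count as a change of location."""
    prefix = 24 if ip_address(ip).version == 4 else 48
    return ip_network(f"{ip}/{prefix}", strict=False)


def evaluate_logins(events, fail_threshold=FAIL_THRESHOLD):
    """Return a list of (user, ip, decision) for each event in order.

    Decisions:
      allow    - correct credentials from a network the user has used before
      step_up  - correct credentials from a network not seen for this user;
                 the user must complete an additional authentication check
      deny     - wrong credentials, account still open
      block    - account locked after fail_threshold consecutive failures
    """
    known_networks = defaultdict(set)   # user -> networks seen on successful logins
    failures = defaultdict(int)         # user -> consecutive failed attempts
    decisions = []

    for ev in events:
        user, ip = ev["user"], ev["ip"]
        net = network_of(ip)

        if failures[user] >= fail_threshold:
            # Account is already locked; nothing, not even a correct password, gets in.
            decision = "block"
        elif not ev["success"]:
            failures[user] += 1
            decision = "block" if failures[user] >= fail_threshold else "deny"
        elif known_networks[user] and net not in known_networks[user]:
            # Correct password but unfamiliar network: require re-authentication.
            # The network is learned only after the step-up check passes, which
            # this sample does not model.
            decision = "step_up"
        else:
            known_networks[user].add(net)
            failures[user] = 0
            decision = "allow"

        decisions.append((user, ip, decision))
    return decisions


if __name__ == "__main__":
    for user, ip, decision in evaluate_logins(SAMPLE_EVENTS):
        print(f"{user:6} {ip:15} {decision}")
```

In a real deployment the "known network" baseline would be stored per user and the step-up check would be an out-of-band factor; the point of the example is that a correct password alone is not sufficient once the login looks unlike the user's history, which is what blunts credentials obtained through phishing.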
UK Cybersecurity Resilience
The phishing attack on HMRC comes at a time of broader scrutiny about the cybersecurity resilience of UK institutions and businesses.