back to article Maybe double-check that HMRC email? UK taxman remains a fave among the phisherfolk

The UK's National Cyber Security Centre (NCSC) has had another busy year trying to disrupt cybercrime. The government agency today reported that in the past 12 months, it stopped 140,000 phishing attacks and took down more than 190,000 fraudulent sites and services. Impersonating the taxman remained phishers' favourite …

  1. Anonymous Coward
    Anonymous Coward


    Perhaps if HMRC were not obsessed with "digital everything" they would have no need to demand/harvest email addresses and phone numbers from everyone, thus any unsolicited email which claims to arrive from them could be binned straight away. If HMRC want to contact someone, send a letter with a suitable franking mark.

    But no, I guess that is too simple, old fashioned and secure for those f*cktards.

    1. tfewster

      Re: HMRC

      To be fair - at least you can report these scans to HMRC:

      "Forward suspicious emails and details of calls claiming to be from HMRC to and texts to 60599"

  2. Simon Harris

    HMRC account.

    If any hackers want to get into that, I really don't mind if you pay my tax bill for me.

  3. Muscleguy

    HMRC are at it

    HMRC sent me a dead tree letter saying I had to file a tax return for two years ago. A year when I earned no money, not a bean. I sat on the phone and eventually got to talk to a nice young man who apologised told me to ignore it and shred it. Their systems apparently will do this with only minor provocation.

    In my case it seems to be registering for self employment because I am trying to earn pin money by tutoring in Biology and general Science. It's unleashed all sorts of havoc at HMRC which makes you wonder how competent their systems really aren't.

  4. Blackjack Silver badge

    That's cute but you are wrong!

    [The NCSC also discovered that at least 318 public sector networks and 168 unique organisations were still using Windows XP – the OS that hasn't seen a single security patch since the middle of 2014.]

    See the date there? It says 2017

    And here is an update... for 2019!

    Truly, is like Microsoft can't let XP die for good.

    1. Halfmad

      Re: That's cute but you are wrong!

      Give them credit they are actually going beyond what they said they would in order to try to protect customers who clearly don't give a **** about their own security.

      1. Peter2 Silver badge

        Re: XP use

        When I was working in the NHS there were XP boxes still around simply because they ran multi million quid bits of kit like MRI machines. The software was written for XP and preinstalled on the box provided by the manufacturer.

        The manufacturer wouldn't provide a new machine with the software on it, but would offer a 5% discount on their latest model MRI machine, at a total cost exceeding what pretty much anybody reading this will earn in total in their life.


        1) Toss a several million quids worth of perfectly good MRI machines and drop the number of medical procedures offered down to around 25% of normal to pay for replacement hardware.

        2) Unplug the XP box from the network, leave it connected to the MRI boxes and then print the scans on a high spec colour printer, and honestly answer that you have XP in use which is not receiving any security patches.

        3) stick a small hardware firewall between the XP box and the rest of the world and only allow it to do updates etc, and allow outbound SMTP traffic on port 21 to allow the scanner to email the MRI results to people who need them, then honestly answer that you have XP in use, but it's connected to the network, secured and up to date.

        4) Do a Sir Humphreyesque answer to surveys stating that all staff desktops have been updated to Win7 or Win10 and that you have no staff using a Windows XP desktop computer for their day to day work.

        Answers on a postcard to which one you'd pick.

    2. Anonymous Coward
      Anonymous Coward

      Re: That's cute but you are wrong!

      You could trick XP into thinking it was a Point of Sale terminal and still receive monthly patches, but that finally ended in April.

      1. Blackjack Silver badge

        Re: That's cute but you are wrong!

        That last update I linked? It was made after April this year

  5. ashdav

    Buzzword Bingo!

    " In the next year of service, we are intending to retender the service and look to onboard more public sector customers"

    Do I get a prize?

    1. Allonymous Coward

      Re: Buzzword Bingo!

      Did you read the report? Its language is actually refreshingly down to earth for a Govt document.

  6. Anonymous Coward
    Anonymous Coward

    "the majority of people in the UK from the majority of the harm, caused by the majority of the attacks, for the majority of the time".

    51% x 51% x 51% x 51% = 7%

  7. sitta_europea Silver badge

    Government mail/DNS administration incompetence.

    There's a simple way to detect forged mail. You publish an SPF TXT record in your DNS. Then when ANYONE sends mail which claims to be from you to ANYONE, the RECIPIENT's mail server can check the DNS to see if the sending server is authorized by the (claimed, possibly forged) sender to send that mail. If not, the recipient's server sends the messsage straight to /dev/null without cluttering up anybody's inbox.


    Well, easy if you're half-way competent. The UK government appears (like, it has to be said, most other governments) not to be competent.

    Yes, the government does publish SPF records, in a sort of piecemeal, whack-a-mole way, for myriad domains.

    But half the time it gets it wrong.

    I've offered to explain it, to test them all, and, where they're broken, to fix them, for nothing.

    I might as well talk to my three-legged dog.

    The DVLA, for example, has had a broken SPF record for YEARS. First it was Then it was

    Here's the Big Clue for the people running mail and DNS: Read RFC7208. ALL of it.

    Management summary:

    (Points are numbered in the same way that points are numbered on the "hackerone" Web forms, where I've already reported all this.)

    1. Yes, your SPF record needs to be able to PASS a genuine mail.

    1. But it doesn't end there. You see, you can PASS a genuine mail if you only process the first couple of terms in the SPF record. You're not really supposed to do it like that, but that's what people do.

    1. The thing is, you also need to be able to FAIL a forged mail. And to do that, you need to process the WHOLE RECORD.

    1. For the SPF record you can't do that, because it's broken. You run out of permitted DNS operations before you get to the end of it.

    Same problem with the record for that matter, only worse, because you run out of DNS operations further from the end of the record.

    On the plus side, though, I've only been banging on about this for about three years, and it would only take me about three minutes to fix it.

    Did I mention Capita? No, well, don't get me started.

    I really do have a three-legged dog.

    1. Anonymous Coward Silver badge

      Re: Government mail/DNS administration incompetence.

      SPF was a good idea, but... people implemented it wrongly and didn't include their external ESPs and suchlike which meant that SPF gradually became useless. It also doesn't handle cases where recipients auto-forward messages to their other address (and don't claim that SRS is workable). It's a score in a spam filtering system only.

      DMARC however supersedes it by signing emails and publishing the public key in DNS... and it works much better. Except organisations aren't keeping the keys up to date and other orgs don't have the balls to flat-out reject anything that doesn't pass. There's still some promise in the system though, unlike SPF which is defunct.

  8. Anonymous Coward
    Anonymous Coward

    HMRC warns of landline scams threatening households - GOV.UK


    2 Mar 2019 - Households with a landline number should be vigilant of phone calls from fraudsters pretending to be the tax authority, warns HM Revenue and ...

    (Daily Mail(wtf!) were up for this year's Paul Foot Award for this story)

    1. Alien8n

      Yup, we've had them over the last week along with "there is an arrest warrant in your name, please contact us on [insert number here] to discuss". From the same number as the HMRC scam.

      Thankfully Mrs Alien is now almost as paranoid as myself with regards suspicious phone calls and emails.

  9. Aristotles slow and dimwitted horse

    TV Licensing...

    The TV licensing idiots send a letter "to the occupier" of my house once a month with various threatening banners on the front such as "Investigations launched in your area" and "We've launched an official investigation" on the front. It's all very funny and a bit pathetic considering their complete lack of any authority.

    How does this relate to scams... well, this the key reason I still receive these letter at my property : (A) Because there is no legal imperative for me to tell the licensing goons anything, via their website or on my doorstep, and (B) they are not having any of my personal details because of these persisiting scams.

    The 419 boys from Lagos should certainly have a go though, as it certainly can't be any more laughable than Crapitas go at fraudulently and incorrectly trying to tell me why I need a TV license.

  10. Anonymous Coward
    Anonymous Coward

    Quote: "...followed by the (now defunct) Government Gateway identification service..."


    Dear El Reg:

    Clarification needed. Yesterday I used my Government Gateway ID (issued in 2018) in an online session with HMRC. The quote above MIGHT seem to imply that my online session yesterday could have been completely fraudulent.

    So....are Government Gateway IDs still valid or not. If not, then I'm wondering why HMRC seems still to use them.

    Confused....need clarification!

  11. Erik Schepers

    "the agency singled out French hoster OVH and American giant GoDaddy as increasingly tardy"

    You mean the French hoster whose IP adresses turned up many a time whenever a spam email slipped through the filters at my ISP and webhost? That French hoster? I don't believe it!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon