Over 500,000 malicious emails attacks have been received by HMRC during the last three months, according to official figures.
The three main categories for cyber attacks include: malware/antivirus, phishing and spam/junk.
The cyber security team at Parliament Street, a thinktank, uncovered the figures using a Freedom of Information request, which showed that 5,000 spam, phishing, and malware emails were recorded daily.
Spam and junkmail contributed 377,820 of the total 521,582 collected by HMRC whereas, phishing – a fraudulent scheme used to reveal personal information such as passwords and credit card numbers, made up 128,255, whilst the remaining 15,507 attacks were said to contain malware.
Andy Heather, security specialist VP at Centrify, said: “Hackers see HMRC as a goldmine of personal and company data, so it’s no surprise that they are bombarding the organisation with an array of phishing, malware and spam attacks on a daily basis.”
During Covid-19 lockdown, email attacks rose from 115,585 in June to 153,992 in July, and even higher to 175,227 attacks in August. September showed 76,778 digital attacks in the first 10 days.
Chris Ross, cyber expert at SVP International Barracuda Networks said: “Organisations like HMRC, which oversee the tax affairs of millions of people, are a top target for malicious hackers who will stop at nothing to steal confidential data.
“All it takes is a single rogue email to reach the inbox of an unsuspecting staffer undetected and criminals could easily get hold of critical personal data, passwords or log-in credentials.”
Ross added: “Key to preventing this is ensuring robust email security systems are in place to identify and quarantine suspicious communications before they reach workers, alongside rigorous training to ensure all employees are aware of the risks posed by increasingly sophisticated phishing attempts.”
