How HMRC fends off phishing attacks

An email protocol protects taxpayers from 99% of malicious spam

HMRC has found a "panacea" to phishing attacks by adopting an email protocol called DMARC, achieving a 99% success rate of blocking malicious spam.

Scammers regularly target HMRC tax returns, sending phishing emails masquerading as HMRC messages to self-employed people in order to trick them into handing over the sensitive personal and financial data they would normally send to HMRC during a tax return.

But the protocol, standing for Domain-based Message Authentication, Reporting and Conformance, has put criminals off from targeting users of the tax body, its head of cyber security, Ed Tucker, told attendees of InfoSecurity Europe 2017 today.

"DMARC has had a massive impact on criminal's behaviour," he said. "There is no return on investment for criminals to attack HMRC."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In the deployment of the technology, the most marked effect has come from switching to a mode in DMARC called "p=reject". This is the strongest policy within DMARC, and led to people receiving 300 million fewer phishing emails in 2016.

This instructs email providers to carry out checks on where email has come from and to reject anything suspicious.

But the protocol can also help other organisations build up a "herd immunity", according to Neil Hammet, email security product specialist at Proofpoint. "Once everyone is covered, criminals will go some place else," he explained.

He admitted that coverage in the UK was not complete but government agencies in the country were leading the way in stopping phishing emails.

While stopping phishing attacks via email had been a clear success for Tucker, he said that efforts still had to be made against other forms of phishing. For example, there are no current means of effectively stopping phishing via SMS messages. Tucker said he was working closely with Vodafone and the GSMA to combat these types of attack.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020