How HMRC fends off phishing attacks
An email protocol protects taxpayers from 99% of malicious spam
HMRC has found a "panacea" to phishing attacks by adopting an email protocol called DMARC, achieving a 99% success rate of blocking malicious spam.
Scammers regularly target HMRC tax returns, sending phishing emails masquerading as HMRC messages to self-employed people in order to trick them into handing over the sensitive personal and financial data they would normally send to HMRC during a tax return.
But the protocol, standing for Domain-based Message Authentication, Reporting and Conformance, has put criminals off from targeting users of the tax body, its head of cyber security, Ed Tucker, told attendees of InfoSecurity Europe 2017 today.
"DMARC has had a massive impact on criminal's behaviour," he said. "There is no return on investment for criminals to attack HMRC."
In the deployment of the technology, the most marked effect has come from switching to a mode in DMARC called "p=reject". This is the strongest policy within DMARC, and led to people receiving 300 million fewer phishing emails in 2016.
This instructs email providers to carry out checks on where email has come from and to reject anything suspicious.
But the protocol can also help other organisations build up a "herd immunity", according to Neil Hammet, email security product specialist at Proofpoint. "Once everyone is covered, criminals will go some place else," he explained.
He admitted that coverage in the UK was not complete but government agencies in the country were leading the way in stopping phishing emails.
While stopping phishing attacks via email had been a clear success for Tucker, he said that efforts still had to be made against other forms of phishing. For example, there are no current means of effectively stopping phishing via SMS messages. Tucker said he was working closely with Vodafone and the GSMA to combat these types of attack.
Digitally perfecting the supply chain
How new technologies are being leveraged to transform the manufacturing supply chainDownload now
Three keys to maximise application migration and modernisation success
Harness the benefits that modernised applications can offerDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
The 3 approaches of Breach and Attack Simulation technologies
A guide to the nuances of BAS, helping you stay one step ahead of cyber criminalsDownload now