博客

[FCE] 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC | HMRC | The Guardian

收听本期播客

阅读正文

In a surprising turn of events, the UK’s tax authority, HM Revenue and Customs (HMRC), has suffered a significant financial loss of 47 million pounds due to a large-scale phishing scam. This incident, which began last year, has impacted around 100,000 individual taxpayer accounts. Phishing is a fraudulent practice where criminals deceive people into revealing personal information, often through fake emails or messages that appear to come from legitimate organizations.

HMRC officials recently explained to Members of Parliament on the Treasury Committee that this was not a direct cyber-attack on their systems. Instead, organized criminals used personal data, probably obtained from external sources, to gain access to individual tax accounts. They then tried to claim repayments by setting up fake accounts or accessing existing ones. The deputy chief executive of HMRC stressed that no data was stolen directly from their systems, but the financial impact remains substantial at 47 million pounds.

The affected individuals, representing about 0.2% of the working population under the PAYE system (which taxes employees directly from their salaries), have been or will soon be contacted by HMRC. Fortunately, these taxpayers will not suffer any personal financial loss, as HMRC has committed to covering the costs. To prevent further problems, the authority has secured the compromised accounts by locking them, deleting login details, and correcting inaccurate information in their records. Over the coming weeks, letters will be sent to those affected to explain the measures taken to protect their accounts. Meanwhile, a joint investigation by UK and international authorities has already resulted in several arrests connected to this crime.

This incident underlines the growing threat of online fraud, as scammers develop increasingly clever tactics. Just last week, UK banks were encouraged to strengthen their anti-fraud measures following a rise in similar scams targeting international payments. The HMRC case serves as a stark reminder of the need to safeguard personal information. While HMRC has taken swift action to limit the damage, the scale of this phishing scam raises serious questions about online security and the steps both individuals and organizations must take to protect themselves from such threats in the future.

阅读练习

1. What is the main cause of the financial loss suffered by HMRC?

  • A. A direct cyber-attack on their systems
  • B. A phishing scam using personal data from external sources
  • C. Errors in their internal records
  • D. Unauthorized access by their own employees

2. How many individual taxpayer accounts were affected by the phishing scam?

  • A. 47,000
  • B. 100,000
  • C. 0.2 million
  • D. 47 million

3. What action has HMRC taken to protect the affected accounts?

  • A. They have asked taxpayers to pay for the losses.
  • B. They have ignored the compromised accounts.
  • C. They have locked the accounts and deleted login details.
  • D. They have stopped all tax repayments temporarily.

4. What wider issue does the HMRC incident highlight, according to the article?

  • A. The need for better tax collection methods
  • B. The increasing threat of online fraud
  • C. The lack of international cooperation
  • D. The inefficiency of the PAYE system

5. What does the article suggest about the affected taxpayers’ financial situation?

  • A. They will lose a significant amount of money.
  • B. They might have to wait for repayments.
  • C. They will not face any personal financial loss.
  • D. They need to cover part of the costs themselves.