Skip to content

HMRC warns students of scams

Cyber sector news

04:00 Wednesday, 08 September 2021

UK Cyber Security Council

HMRC is running an intensive campaign today to warn university students about potential scams - especially if they have a part-time job and are new to interacting with the department. Students taking part-time jobs are at increased risk of falling victim to scams, it says.

Nearly half of such scams offer fake tax refunds, which HMRC does not do either by SMS or by email. Criminals are usually trying to steal money or personal information to sell on to others: the links or files in emails or texts typically download malware onto a computer or phone, which then gathers personal data, or locks the recipient’s device until a ransom is paid.

It’s a worthwhile campaign because the problem is significant: in the past year almost one million people reported scams to HMRC. And, between April and May this year, 18 to 24-year olds reported more than 5,000 phone scams to HMRC, suggesting many of them are scam-aware.

Nonetheless, the fact that these scams persist is evidence that they remain fertile ground for criminals; many people are still caught out. As a country, the UK still has plenty to do to educate the population about cyber risks - and, it seems, the earlier the better.

Back in March we highlighted a speech by the NCSC’s CEO, Lindy Cameron, in which she pointed specifically at the lack of cyber education in schools. “We’re all too aware that cyber skills are not yet fundamental to our education - even though these are life skills like wiring a plug or changing a tyre,” she said then. And, only in July, we highlighted how Australia has announced its intention to begin teaching cyber security to children as young as five years of age.

With the overwhelming majority of cyber breaches the result of “human error”, broad cyber education and training - including campaigns like HMRC’s - remain key to reducing the incidence of successful cyber attacks, whether in the form of scams directed at individuals or attacks on organisations and infrastructure.