100K HMRC Accounts Hack... Busted!
Ilyas Patel
Entrepreneurial Tax Advisor | Chartered Certified Accountant | Expert in Tax Planning and Wealth Management
This week, thirteen individuals were arrested in Romania following a major phishing scam targeting HMRC.
The operation involved more than 100 Romanian police officers, with HMRC’s own criminal investigators joining forces across borders to track down those behind what’s believed to be a multi-million-pound fraud.
Cash and luxury cars were seized during the coordinated raids across Ilfov, Giurgiu and Calarasi, while suspects (aged between 23 and 53) were arrested on suspicion of computer fraud, money laundering and illegal access to a computer system.
You can see footage of the raid in this YouTube video of the report by Romanian news, by the Romanian police.
A fourteenth arrest was made closer to home in Preston, Lancashire.
A sophisticated scam with far-reaching impact
At the centre of it all is a phishing operation that, by HMRC’s estimate, led to the theft of around £47 million.
The criminals are believed to have stolen data to access more than 100,000 HMRC accounts, using the information to submit fraudulent claims for income tax refunds, VAT repayments and child benefit.
It’s a clear sign of how online fraud tactics are evolving.
We have recently received a real life example of how HMRC phishing fraud is done through our general inbox. You can see below an example of how well these fraudulent phishing emails are disguised these days:
HMRC has responded by locking down affected accounts and notifying those who may have been impacted.
As Simon Grunwell, operational lead in the Fraud Investigation Service, explained, “We have already acted to protect customers after identifying attempts to access a very small minority of tax accounts.”
Public sector under pressure to stay ahead
While HMRC has emphasised that this attack was aimed at the tax office rather than individuals, it has nonetheless contacted around 100,000 people as a precaution (a move likely intended to build trust and demonstrate proactive management).
These arrests are not isolated. They follow earlier detentions in Bucharest last November, all part of an expanding international crackdown on phishing and cybercrime.
A joined-up approach to digital fraud
What stands out in this case is the level of cross-border collaboration. Public bodies are no longer fighting financial crime in silos.
The lines between tax compliance, cybersecurity and law enforcement are becoming increasingly blurred (and necessarily so).
If your work involves fraud prevention, tax, tech or compliance, this case serves as a sharp reminder. The risks are real, the threats are evolving, and the response needs to be just as agile.
Forensic Accountant, Tax Consultant (UK/Spain), Finance Trainer (English, Portuguese and Spanish)
2wAn attempt or a success? If the funds were obtained and received, it was not an attempt, but a security failure. And to help with this, taxpayers no longer receive a letter about their tax refunds. So, the door is wide open
Managing Director @ AMP InfoSys | Cyber Security, IT Infrastructure Management
4wAbsolutely a priority to protect our digital infrastructures and security. Sadly, happening too often. Social engineering is becoming very clever and catching people out. We need the technology to protect ourselves and also a strengthened human firewall, with ongoing regular training for staff to help them try and recognise the threats. 👍
Helping UK Directors Solve Business Debt Problems — Fast.
1moThis case highlights the urgency for robust cybersecurity measures across global networks. Collective vigilance is key.
Proactive chartered accountant helping businesses save taxes and multiply revenue through strategic financial planning | Auditor | Finance Director | Fractional CFO
1moDigital security needs to be top priority, these scams are evolving fast and hitting hard.