Cybercrime and the use of legitimate software.

Tips on staying safe

In its latest Agent update #131, HMRC has provided the following warning and tips on how agents should protect themselves and their practices from the ever-increasing risk of cybercrime:

As tax agents, you are an attractive target for cybercriminals. Your access to sensitive financial information for your clients and your business makes you a prime candidate for cyberattacks. If one of your devices becomes infected, a criminal may have access to everything you use it for, including your HMRC online services for agents account or Agent Services Account (ASA). It is your responsibility to be vigilant and protect your systems from these threats.

The threat of legitimate software

Criminals are increasingly sophisticated in their methods, often tricking tax agents into downloading legitimate commercial software that gives them remote access to their devices. This can be done using phishing emails with links or attachments, sometimes disguised as a bill, certificate or another form of document. 

It may not be obvious that this software is being downloaded, and once misused, it can provide criminals with the ability to control your device without your knowledge. Because these programmes are not inherently malicious, your antivirus software may not detect them as threats.

Top tips for staying safe

  • Avoid following links or downloading attachments in suspicious or unexpected emails and messages.
  • Be cautious of fake HMRC letters containing disguised links — you can check if a letter from HMRC is genuine or a scam using our list of recent letters from HMRC to help you decide.
  • Be vigilant for multi-factor authentication that you did not set up or authorise.
  • Regularly monitor your accounts for any suspicious activity and filings that you do not recognise.
  • Regularly update your operating system and all software to protect against known vulnerabilities.
  • Check your system for software that you have not installed or do not use, and remove it if found.
  • Use strong unique passwords.

If you believe your agent account has been compromised 

If you think your account has been compromised, change your password immediately and report it to HMRC, by contacting our Online Services Helpdesk — who you can reach on 0300 200 3600. 

If we believe your agent account has been compromised 

HMRC monitors transactions on customer accounts for suspicious activity. If we believe an account has been compromised, we may immediately suspend that account without notice to prevent further criminal access. We will then write to you to advise you on the next steps to take.

If your account has been suspended, you will not be able to log in or reset your password. If you have not yet received a letter with the next steps to take, then you can call our Online Services Helpdesk — who you can reach on 0300 200 3600. 

They will initiate the process for unsuspending your account and will try to call you back within 72 hours to walk you through a password reset across all gateways and all third-party filing software. 

More information 

As members will have seen from the recent press, cybercrime against large companies such as M&S and Co-op has increased significantly. However, smaller businesses, including accountants, are no exception – according to recent reports from leading cybersecurity agencies, phishing attacks account for a staggering 90% of successful cyber breaches in the financial and professional services industries.

ACCA has previously highlighted several resources and articles to keep members aware of the various types of attacks they could be susceptible to. Members must remain vigilant and ensure they have provided adequate cybersecurity training to members of staff to avoid falling victim to such crimes.

Further resources

General principles to establish good cybersecurity

Top ten tips to spot a phishing attack

How to navigate cyber risks

Scam text message: the warning signs

Spam emails requesting AML supervision fee payment