Scammers stole £47m from HMRC in phishing attack

Scammers stole £47m from the online accounts of 100,000 people after posing as taxpayers, HMRC has revealed.

The tax authority said it is writing to those affected to confirm it has secured their accounts, they haven't lost any money, and they don't need to do anything.

"These are attempts to claim money fraudulently from HMRC, not from customers," HMRC said.

There has already been a criminal investigation with arrests made last year, HMRC confirmed.

It said the scammers used phishing attacks to gain customer details and attempted to claim rebates.

Phishing is when criminals use personal information gathered externally to imitate a person and access services.

The tax authority said this was not a cyber or hacking attack, the likes of which have affected major retailers in recent weeks.

Angela MacDonald, HMRC's deputy chief executive, told MPs at an Treasury Select Committee on Wednesday that a "lot of money" was taken and "it's very unacceptable".

HMRC's permanent secretary and chief executive John-Paul Marks told the committee "a lot of work [was] then done to intercept this incident. We identified and locked down the compromised accounts."

HMRC's representatives were reprimanded by MPs for not writing to the committee about the fraud at the time.

Treasury Select Committee Chair Dame Meg Hillier said the committee had only heard about the scam when it was reported in the news.

"A word to the wise... let me use my position as chair just to remind you, gently – well perhaps not so gently – that it would be normal to advise parliament of things if you're appearing in front of a committee. Not to have it announced during the committee hearing," she added.

"Money was got. By criminals. By penetrating the digital system. A lot of people would consider that a cyber crime, however you define it", she said.

Much of the scam centred on criminals setting up new accounts using phished information, Ms MacDonald said.

She added many of those in whose name accounts had been set up didn't have a need for an online tax account, and had never had one before, so would not have known they were part of the scam.

Ms MacDonald told the committee that "the nature of the attack altered through the year, as we were closing it down, and closing accounts down."

"They were moving their MO [method] over… We took a lot of action to actually tackle the perpetrators," she added.

"What has been a challenge in terms of... cleaning the accounts up is being clear that we were then talking to the genuine customer and not in fact talking to the criminal who was on the other end of the account."

She said she was "clear with the information commissioner" and had been taking its advice on the handling of the incident.

"We are living in a environment where every single organisation was facing some kind of cyber threat," she said, adding "it is a continuing piece of work for us to invest in our systems... to try to outpace the criminals".

The BBC understands that the government will be making further investments in the HMRC IT systems at next week's spending review.