A new focus is being made by HMRC’s digital team to better educate the British public
Speaking at the Government IT Security and risk management conference in London, HMRC head of cyber security and response Edward Tucker said that following a constant spate of phishing and malicious emails, it was implementing new measures that will address a lack of a “coherent answer” on phishing.
He admitted that the problem was how to convince users what they were receiving was a legitimate email, particularly with so much spam and fake email received. “Part of our Digital Strategy policy was put in place to secure the content of the message and it is to be determined on how and whether we do it, but there is an educational piece on what we do,” he said.
“The decision has yet to be finalised, but HMRC is looking at ways of using secure emails and links, which will have to be backed up with an innovative education to enable taxpayers identify legitimate emails form HMRC.”
He acknowedged that everyone does education and in turn, customers do it on the behalf of HMRC and it can point at pages to find, but users have got to be innovative in spotting fraudulent and be good at the education of customers.
He said: “There is a similar thing on how to spot bad emails and the tell tale marks, if it is too good to be true it probably is, but people fall for it. And when they get compromised, we bear the brunt.”
Tucker said that despite phishing having been around for years, there was no unified answer or solution, and there was little information on domain-based message authentication, reporting and conformance (DMARC), and no coherent answer to have a material impact on the issue, so it took the lead and provided answers in a whitepaper.
He said: “If we frame our controls, then the user gets a different message “from” Natwest. This is something we need to tackle as an industry and not individually, because if a brand is defrauded we all feel it. We are losing the ability to use email as an effective communication channel with our customers.”