Security measures by HMRC have cut the number.
HMRC has reduced the number of phishing emails received by taxpayers by 300 million this year.
This is a significant decrease in the 500 million phishing emails sent in 2014 and 2015 alleging to be from an ‘@HMRC.gov.uk’ email address, and shows the progress the department is making in tackling these types of cyber threats.
HMRC has implemented the email protocol domain-based message authentication, reporting and conformance (DMARC). The security process works by determining which servers are allowed to send emails on behalf of the organisation. If an email passes the checks it is deemed legitimate and delivered. If it fails, it is deemed fraudulent and is not delivered.
Suspicious emails purporting to be from HMRC should be sent here, or if it is an SMS message to 60599.