13 Romanians arrested for phishing attacks on the British tax authority. Damage: over $63 million

Thirteen Romanians were arrested following phishing attacks against the British tax agency (His Majesty’s Revenue & Customs). According to the authorities, the group allegedly used stolen data to fraudulently request tax refunds, with damage estimated at 47 million pounds (about $63.7 million), Reuters reports.

The operation was carried out on Thursday in Ilfov, Giurgiu and Călărași counties, with the support of over 100 Romanian police officers, in collaboration with HMRC investigators. As a result of the searches, sums of money and several luxury cars were confiscated.

100,000 compromised accounts and fake tax refunds

The suspects, aged between 23 and 53, are accused of computer fraud, money laundering and illegal access to computer systems. A 14th suspect, a 38-year-old man, was detained the same day in Preston, in the northwest of England.

The investigation comes after HMRC revealed last month the existence of a criminal group that allegedly gained illegal access to the accounts of over 100,000 taxpayers, submitting false refund claims for income tax, VAT and child allowances.

“These arrests show that we work across borders, along with our international partners, to combat tax crime in all its forms. We have several criminal investigations and thank the Romanian partners for the support offered. We have already taken measures to protect the taxpayers, after we identified attempts to access a very small number, Unit, as well as from abroad, to bring the responsible persons to justice”, said Simon Grunwell, coordinator in HMRC’s anti-fraud investigation service, quoted by Reuters.

HMRC emphasizes that the attack targeted the institution’s budget, not the personal accounts of taxpayers, although about 100,000 people were notified of the security breach.

The agency also confirmed that two other Romanian suspects were arrested in November 2024 in Bucharest, in a separate case but with the same mode of operation: fraudulent access to British tax systems through phishing attacks.

According to a report published by the Global Anti-Scam Alliance on fraudulent internet activity worldwide in 2024, only 4% of online fraud victims manage to recover their lost money, and only 28% of victims report the fraud to the authorities. The percentage is even declining, compared with the 7% recorded in 2023. In addition, the financial losses generated by online fraud in 2024 are estimated at approximately 1.03 trillion globally.

Phishing, attacks on the rise

Phishing attacks are evolving, specialists warn, and only 4.7% are generated by AI, but the threat is increasing.

According to the “Phishing Trends 2025” report by the cyber security company Hoxhunt, only between 0.7% and 4.7% of the dangerous emails identified in 2025 were created with AI. The study analyzed 386,000 reported phishing emails from a total of 2.5 million users in over 130 countries.

Even if the percentage is still low, AI is starting to play an important role in facilitating and refining the attacks, lowering the barrier to entry for attackers and increasing the level of sophistication. We already notice a clear trend: AI-based attacks are no longer just about emails. They also involve synthesized voices, which can imitate a CEO on phone calls, deepfake videos for fake meetings, personalized messages that perfectly mimic the organization's communication style, and automatic real-time responses within seemingly legitimate interactions. This type of phishing, spread across several channels, makes the classic security filters increasingly easy to bypass. Even trained employees can be misled if the attack combines forged emails, calls and videos in a coherent and personalized way.

“AI increased the risk of phishing attacks, but also the level of preparation against them. Our studies show that a good training can overcome a bad”, said Pyry Åvist, CTO and co-founder of Hoxhunt.

For his part, Mika Aalto, CEO of Hoxhunt, said: “In the near future, AI will fuel more and more attacks: from text messages to video and audio deepfakes. Everything will become cheaper, more convincing and easier to use by attackers”.

How things stand in Romania

Regarding computer fraud, the Computer Crime Fighting Section (SCCI) of the IGPR had 928 computer fraud case files in the first four months of this year, of which 170 had been registered in 2025. Of these, 169 were already resolved, Flavius Nistor announced. Organized, IGPR, recently. As for computer attacks, the SCCI had 1,187 case files in the first four months, of which 256 were resolved. At the same time, he adds, investment fraud has reached first place at the European level.

One of the most common fraud scenarios uses the spoofing method. The victim is called by an attacker who claims to be calling on behalf of a bank or authority in Romania. “The phone number displayed on the potential victim’s screen is most often found in the contact section on the websites of banks or institutions, so that a quick check of the contact does not raise suspicion. However, the actual number from which the fraudulent call was made is not the one displayed on the screen; the attackers can disguise it. Internet in fact ”Internet” reveals the most recent statement of the DNSC, made in partnership with ING.

DNSC: How to recognize a computer attack in three steps

“Offenders in the online environment are constantly improving their methods and scenarios, which is why it would be important not to get stuck in technical analyses of photo, video or audio elements that accompany the fraud attempt, but to be aware of three elements that are common to most frauds. Vigilant. Recently, Mihai Rotariu, manager of the Communication, Marketing and Media Directorate of the National Cyber Security Directorate (DNSC).

Next, in his words, we will notice in the scenario presented the second element: urgency (“validate the data now or you lose access to the account”, “there are x places available”). Finally, the third element is also a clear indication of a fraud attempt: the request to provide data, to install applications on the device or to open certain accounts. “If you find all these elements in a call, message or mail received from a stranger, from a friend or even from a certain entity in the public or private sector, you are most likely very close to falling into the trap. Stop and report the initiative to the authorities”, he says.

In a constantly changing digital landscape, phishing attacks evolve faster than the capabilities of traditional defense systems. The case of the Romanians involved in the fraud of 47 million pounds in the UK is just an alarm signal in a global context in which AI, VoIP and advanced social engineering techniques become tools available to anyone.

From calls that perfectly mimic the tone of a civil servant to personalized messages that seem genuine, attackers exploit not only technology, but also human vulnerability: impulse, emotion and trust.

In the face of these risks, protection no longer means only an antivirus or a firewall, but a culture of digital vigilance. And this must be cultivated by institutions, companies and citizens alike.