Fourteen individuals have been arrested across the UK and Romania in connection with a sophisticated phishing operation that targeted British taxpayers and resulted in fraudulent claims worth over £1 million.
The coordinated arrests represent the culmination of an international investigation into organized criminal gangs that stole personal data to submit fake tax repayment claims through HM Revenue and Customs (HMRC) systems.
Romanian authorities arrested thirteen suspects aged between 23 and 53 in the counties of Ilfov, Giurgiu, and Calarasi, working alongside more than 100 Romanian police officers and HMRC criminal investigators.
The suspects face charges including computer fraud, money laundering, and illegal access to computer systems.
Simultaneously, a 38-year-old man was detained in Preston, England, on multiple charges including fraud by false representation, possession of articles for fraud, unauthorized computer access, and money laundering offenses under various UK laws including the Fraud Act 2006 and Computer Misuse Act 1990.
The operation emerged from a joint investigation team established earlier this year, bringing together Romanian prosecutors, HMRC, and the Crown Prosecution Service.
This international partnership demonstrates the growing necessity for cross-border cooperation in combating sophisticated cybercrime operations that exploit jurisdictional boundaries.
The collaboration allows authorities to pool resources, expertise, and intelligence to pursue criminals operating across multiple countries.
Extensive Fraud Scheme
The criminal network allegedly used stolen personal information obtained through phishing attacks to submit fraudulent claims for PAYE tax refunds, VAT repayments, and Child Benefit payments.
The sophisticated operation involved cybercriminals gathering personal data from various sources and using this information to access legitimate HMRC online services, rather than directly attacking government systems.
Romanian police investigations suggest the total financial damage exceeded £1 million, highlighting the substantial scale of the fraudulent activity.
HMRC has identified that approximately 100,000 customers were potentially affected by unauthorized access attempts, representing roughly 0.22% of their total customer base.
The revenue service has contacted all affected individuals to inform them of the security breach, provide reassurance that their accounts have been secured, and confirm that no customers suffered financial losses as a result of the unauthorized access attempts.
Enhanced Security Measures
Following these incidents, HMRC has implemented additional security measures to combat evolving fraud tactics and protect taxpayer information.
The government announced new investments in HMRC’s IT security systems during the June 2025 Spending Review, demonstrating official commitment to strengthening digital defenses against cybercriminal activities.
According to the National Cyber Security Centre, HMRC ranked as the third most impersonated government body in 2022, trailing only the NHS and TV Licensing in terms of fraudulent spoofing attempts.
Simon Grunwell, Operational Lead in HMRC’s Fraud Investigation Service, emphasized the organization’s commitment to international cooperation in combating tax crime while acknowledging ongoing investigations related to these phishing attacks.
The arrests follow previous detentions in November, when two men aged 27 and 36 were arrested in Bucharest on similar cybercrime and fraud charges.
These earlier arrests indicate that authorities have been tracking this criminal network for several months, building comprehensive cases against multiple suspects involved in the broader operation.




