As HMRC moves more of its services online, fraudsters are exploiting this transition by targeting taxpayers with fake emails. Known as ‘phishing’, these communications are designed to encourage people to impart sensitive personal or financial information which can then be used for fraudulent purposes. With an increasing number of people falling victim to such scams, HMRC has released updated guidance on how to recognise genuine contact from its agents.
Contact from HMRC
HMRC have clearly stated that they will never send notifications of a tax rebate by email and will never ask you to disclose personal or payment information via email. There are, however, some occasions when the Revenue will make digital contact. Some examples include:
- Trade statistics import/export data emails
- Employer Bulletin emails
- Tax credits letters from Concentrix
- Tax credits – SMS text or voice prompts
- VAT Mini One Stop Shop (MOSS) emails
- Agents online self-serve email invitations
- PAYE notices and reminders
- Educational emails
- Debt management and banking text messages
- Inheritance tax online registration and application emails
- VAT emails including VAT returns, VAT registration and VAT debt reminders
- Annual Tax Summary email alerts.
How to spot phishing
Phishing emails can often appear very believable and convincing, but there are a number of signs which can help you to determine whether an email is fraudulent.
A key feature of phishing scams is that they will ask you to provide personal or financial details (such as credit card or bank details) in order to, for example, receive a tax refund.
Common greetings such as ‘Dear Customer’ may signify that the email is bogus, and you should also be cautious of any emails demanding urgent action, as criminals will often use such tactics to encourage an immediate response.
Be especially cautious of Links and attachments as they pose another potential threat. Phishing emails will often include a link to a webpage replicating those on the HMRC site. Although the page appears genuine, it may display fields requesting personal information or bank account details. These attachments or web-links may contain viruses designed to steal confidential information from your computer.
Reporting anything suspicious to HMRC
Any suspicious emails should be forwarded to phishing@hmrc.gsi.gov.uk. If you believe you may have disclosed personal information by mistake, contact HMRC at security.custcon@hmrc.gsi.gov.uk. Meanwhile, details of any misleading websites should be reported to Action Fraud – see www.actionfraud.police.uk or call 0300 123 20 40.
HMRC publish up to date lists of genuine topical HMRC calls, letters and digital communications which can be referred to if you are in doubt.
By following the above guidance, it is possible to minimise the risk of falling victim to phishing scams. For more information visit www.gov.uk/topic/dealing-with-hmrc/phishing-scams.