Recognising HMRC Phishing / Bogus Emails

 In phishing, Scam

A reader got in touch about an ‘investigation’ that had taken place that had resulted in a large tax bill. She forwarded me the bill and I could see that the HMRC email address looked unusual, when I asked about the details of the investigation she said that HMRC’s final demand was the first she’d known about it.

What’s obviously fake to some is extremely worrying to others. HMRC have produced their own guide on how to spot a fake. Highlights below, then a link to the HMRC page at the bottom.

What is a phishing email?

Phishing is the fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords, credit card or bank account details. These emails often include a link to a bogus website encouraging you to enter your personal details.

Hints and tips below may help you recognise a phishing / bogus email

Incorrect ‘From’ address
Look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Fraudsters often have email accounts with HMRC or revenue names in them (such as ‘refunds@hmrc.org.uk’). These email addresses are used to mislead you.
However be aware, fraudsters can falsify (spoof) the ‘from’ address to look like a legitimate HMRC address (for example ‘@hmrc.gov.uk’).

Personal information
HMRC will never ask you to provide confidential or personal information such as passwords, credit card or bank account details by email.

Urgent action required
Fraudsters want you to act immediately. Be wary of emails containing phrases like ‘you only have three days to reply’ or ‘urgent action required’.

Bogus websites
Fraudsters often include links to webpages that look like the homepage of the HMRC website. This is to trick you into disclosing personal/confidential information. Just because the page may look genuine, does not mean it is. Bogus webpages often contain links to banks/building societies, or display fields and boxes requesting your personal information such as passwords, credit card or bank account details. You should be aware that fraudsters sometimes include genuine links to HMRC web pages in their emails, this is to try and make their emails appear genuine.

Common greeting
Fraudsters often send high volumes of phishing emails in one go so even though they may have your email address, they seldom have your name. Be cautious of emails sent with a generic greeting such as ‘Dear Customer’.

More here.

Recent Posts
Showing 4 comments
  • Paula. Sadler
    Reply

    Just had a phone call to my mobile. From someone saying they are from in the Tax fraud Dept. Saying my National Insurance Number has been used in a fraud. If I don’t reply within an hour, my Number will be cancelled, my assets will be frozen and I will be arrested.
    I turned my phone of. I have been try to contact someone to report the call.

  • david
    Reply

    i have just received an email ending in @vatreg.hmrc.gov.uk this isn’t an hmrc email address is it????

    • Nick Morgan
      Reply

      No, it’s not.

  • Samuel Wiah Roberts
    Reply

    I’ve a complaint of two of my employers that’s on a letter dated to me about owning tax naming healthcare LTD and CIRCLE 365 recruitment respectively and another employer i don’t know either and i hadn’t work for before, okay! I spoke with someone in the customer service concerning these issues but i don’t HMRC email address to email the office concerning my situation with your letter that i had pay less tax. Can you kindly send me your full email address through my email please. Thanks.
    Samuel Wiah Roberts

Leave a Comment

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

0

Start typing and press Enter to search