Recognising HMRC Phishing / Bogus Emails

 In phishing, Scam

A reader got in touch about an ‘investigation’ that had taken place that had resulted in a large tax bill. She forwarded me the bill and I could see that the HMRC email address looked unusual, when I asked about the details of the investigation she said that HMRC’s final demand was the first she’d known about it.

What’s obviously fake to some is extremely worrying to others. HMRC have produced their own guide on how to spot a fake. Highlights below, then a link to the HMRC page at the bottom.

What is a phishing email?

Phishing is the fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords, credit card or bank account details. These emails often include a link to a bogus website encouraging you to enter your personal details.

Hints and tips below may help you recognise a phishing / bogus email

Incorrect ‘From’ address
Look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Fraudsters often have email accounts with HMRC or revenue names in them (such as ‘’). These email addresses are used to mislead you.
However be aware, fraudsters can falsify (spoof) the ‘from’ address to look like a legitimate HMRC address (for example ‘’).

Personal information
HMRC will never ask you to provide confidential or personal information such as passwords, credit card or bank account details by email.

Urgent action required
Fraudsters want you to act immediately. Be wary of emails containing phrases like ‘you only have three days to reply’ or ‘urgent action required’.

Bogus websites
Fraudsters often include links to webpages that look like the homepage of the HMRC website. This is to trick you into disclosing personal/confidential information. Just because the page may look genuine, does not mean it is. Bogus webpages often contain links to banks/building societies, or display fields and boxes requesting your personal information such as passwords, credit card or bank account details. You should be aware that fraudsters sometimes include genuine links to HMRC web pages in their emails, this is to try and make their emails appear genuine.

Common greeting
Fraudsters often send high volumes of phishing emails in one go so even though they may have your email address, they seldom have your name. Be cautious of emails sent with a generic greeting such as ‘Dear Customer’.

More here.

Recent Posts
Showing 3 comments
  • Susan Kollar

    Goverment Gateway

    Fri, 12 Jun at 08:56

    HM Revenue & Customs
    Dear Taxpayer,

    After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund up to 386.65 £.

    To receive your tax refund please click here.

    A refund can be delayed for a variety of reasons. For example, for submitting invalid records or applying over the deadline.

    Please submit a tax refund request and allow us 3-5 days in order to process it.

    Best regards,
    HM Revenue and Customs Online Payments.

  • Christine Ball

    HMRevenue and Customs

  • Christine Ball

    —–Original Message—–
    From: HMRevenue and Customs
    Sent: 11 April 2020 16:23
    Subject: REF: 00-ATLX007TR07 – Important. – 1074450954/S18H from HMRC(COVID-19) – Stay At Home!
    -HM- Sent you a confirmation for a refund of GBP 659.76 on 11 April 2020

Leave a Comment