Recognising HMRC Phishing / Bogus Emails
A reader got in touch about an ‘investigation’ that had taken place that had resulted in a large tax bill. She forwarded me the bill and I could see that the HMRC email address looked unusual, when I asked about the details of the investigation she said that HMRC’s final demand was the first she’d known about it.
What’s obviously fake to some is extremely worrying to others. HMRC have produced their own guide on how to spot a fake. Highlights below, then a link to the HMRC page at the bottom.
What is a phishing email?
Phishing is the fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords, credit card or bank account details. These emails often include a link to a bogus website encouraging you to enter your personal details.
Hints and tips below may help you recognise a phishing / bogus email
Incorrect ‘From’ address
Look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Fraudsters often have email accounts with HMRC or revenue names in them (such as ‘firstname.lastname@example.org’). These email addresses are used to mislead you.
However be aware, fraudsters can falsify (spoof) the ‘from’ address to look like a legitimate HMRC address (for example ‘@hmrc.gov.uk’).
HMRC will never ask you to provide confidential or personal information such as passwords, credit card or bank account details by email.
Urgent action required
Fraudsters want you to act immediately. Be wary of emails containing phrases like ‘you only have three days to reply’ or ‘urgent action required’.
Fraudsters often include links to webpages that look like the homepage of the HMRC website. This is to trick you into disclosing personal/confidential information. Just because the page may look genuine, does not mean it is. Bogus webpages often contain links to banks/building societies, or display fields and boxes requesting your personal information such as passwords, credit card or bank account details. You should be aware that fraudsters sometimes include genuine links to HMRC web pages in their emails, this is to try and make their emails appear genuine.
Fraudsters often send high volumes of phishing emails in one go so even though they may have your email address, they seldom have your name. Be cautious of emails sent with a generic greeting such as ‘Dear Customer’.