close menu

Scam watch: Beware of HMRC fraudsters in 2019

by Kobus Van den Bergh | Mar 27, 2019
  • Criminals use clever schemes and tricks to defraud millions of people each year. They often combine new technology with old tricks to get people to send money or give out personal information. So, what is phishing, how can you spot it and what should you do if you’re targeted?
    Wolf in sheep's clothes

    Why do scams succeed?

    Wherever there’s opportunity to make some easy money, you can be sure that criminals are ready to take advantage. Criminals target thousands of taxpayers with bogus emails, texts and even social media messages that seem genuine. Advances in digital communication have opened countless channels for scammers to target you and impact your finances, security and peace of mind.

    Cons can look like the real thing and are designed to catch you off-guard when you’re least suspecting it.

    Electronic communication and transactions are a key part of HMRC’s business, so here are a few cons to be aware of and advice on what to do if you think you’ve been deceived.

    Who’s at risk?

    We’ve all seen fake emails and text messages claiming that we have won a fantastic grand prize. Scammers are growing sophisticated in their attempts and can target everyone.

    The most widespread scam today

    From: GOV.UK-HM Revenue & Customs 9031609552407800212@2160162795.tax.co.uk
    Sent: Thursday, 14 March 2019 10:24 PM
    To: xx@hotmail.com
    Subject: refID: 308884106011 – Your tax is Ready

    Dear customer,

    You are receiving this notice from HM Revenue & Customs with information about your available refund credit of 254.36 GBP, and how to return your funds electronically using the online platform.

    Please note that this process can only until the 14th of March 2019. After the due term of this process you can only request your refund via postal service or in person at any HM Revenue & Customs office.

    If you need a refund from us, take a look at the following links:

    • What if I had an overpayment HMRC tax bill?

    You can also get your refund by direct debit. Visit GOV.UK for the information you need.

    If you’ve already got your refund by post – thank you.

    Andrew Walsh
    Head of Digital Communication Services

    Scam emails ask you for personal information like passwords or bank details - this is called “phishing”. This is a type of online fraud that involves getting an individual or organization to disclose sensitive information under false pretences that have been expertly manufactured by the attackers. If you’re unsure of how to spot a scam email from HMRC, take note of these tell-tale signs:

    • The email or website address is strange or comes from a free email provider like Gmail
    • The email is not addressed to you, the recipient by name - “Dear customer” is not an identifier
    • There are spelling and grammatical errors

    Phishing emails can trick you into visiting fraudulent websites disguised to look like a valid ecommerce or banking site. For example, you may think you’re logging into your personal bank account, but instead, all your personal information is being sent to a thief.

    Fraudsters own email addresses with names associated with HMRC like Revenue, HMRC or gov. Impostors can spoof the “from” address to look legitimate. For example: the address may look like it’s from refunds@hmrc.gov.uk, but if you hover over the link and look at the bottom left-hand corner of the page you’ll see the true link that the text leads to. This will not end in @hmrc.gov.uk at all. The best practice if you’re unsure if it is a scam email - do not open it.

    Here is a list of email addresses known to have been used in HMRC scams:

    • service.refund@hmrc.gov
    • secure@hmrc.co.uk
    • taxrefund-notice@hmrc.gov.uk
    • taxrefund@hmrc.gov.uk
    • refund-help@hmrc.gov.uk
    • refund.alert@hmrc.gov.uk
    • refunds@hmrc.gov.uk
    • HM-Revenue-&-Customs@ztoro.com

    Phishing texts

    You have a pending Tax Refund of 265.84GBP from HMRC.
    To proceed your application please complete your form via hmrc.gov.signin-uk.com.

    It’s no surprise that SMS phishing attempts are a growing trend for opportunists when you look at the statistics.

    • There are more than six billion mobile phone subscribers in the world
    • Nearly two thirds of all adults with a mobile phone use text messaging
    • More than 90% of text messages are opened within 15 minutes of being received
    HMRC may occasionally send you a text message, but they will never request personal or financial information from you via SMS. Do not respond or open any links contained within the message.

    Unsolicited calls

    “Hello, this is a final warning from Inland Revenue with HMRC regarding a criminal prosecution on your name. Urgently call us back on 3300010202 to avoid further legal action. Thank you.”

    In the six months leading up to January, HMRC revealed that it experienced a 360% increase, over 60,000, in reports of phone scams.

    As HMRC has cracked down on email and SMS phishing, fraudsters are now turning to older methods such as cold-calling publicly available phone numbers. Often these calls are to landline numbers and target vulnerable elderly individuals.

    A few tips to avoid these phone scam tactics:

    • Don’t assume the caller ID on your phone is proof of whom you’re speaking with
    • If you receive a phone call asking for personal information, don’t respond before checking with official contact information
    • Don’t trust someone because they have personal information about you – scammers have ways of getting information to make their lies believable
    If you are ever unsure of whom you are speaking to – hang up the phone and contact the relevant department using one of the numbers or online services available from gov.uk. If HMRC called and you did not pick up, you wouldn’t see a number on your missed calls due to the phone system they use.  

    Robocall scams

    Similar to cold-call scams, robocalls are automated phone calls that deliver recorded messages. These are mass delivered to phones and automatically play a message when the receiver answers the phone.

    There is an automated phone call scam that tells people HMRC is filing a lawsuit against them, and to press one to speak to a caseworker to make a payment. HMRC has confirmed this is a scam and advises to end the call immediately.

    To report a phone call scam and ensure the fraudsters are caught, note the date, the number as well as what the call said. This helps HMRC to clamp down on that particular scam.

    Social media scams

    Hi Pamel, I’m Joshua from HMRC Customer Support. In accordance to your P60 refund policy for every TaxPayer, you might be eligible for a possible refund. Please visit bit.do/dwyBZ for more information. A confirmation email will also be sent to you immediately after, you can also confirm with your bank for more information. Thank you ^JS

    Just as social media makes it easier for legitimate business, it also makes it easier for scammers and cyber criminals. On Twitter, for example, these fraudsters are sending direct messages to unsuspecting users offering an HMRC tax refund.

    HMRC would never offer a tax rebate or request information via a social media channel.

    How do I know if I’ve been scammed?

    • Unexplained bank transactions on your bank account
    • Additional financial products you don’t remember taking out reflect on your credit report
    • Bank statements meant for your address aren’t delivered – this could be a sign of ID fraud

    Protect yourself

    A short summary of how to guard against fraudsters:

    • Resist the urge to act immediately on the text, email or message
    • If you are unsure to whom you are speaking – hang up and call the department directly
    • Do not open suspicious texts, pop-up windows or click links or attachments in emails
    • Use privacy settings and passwords on all your devices and online accounts
    • Do not use the same password for multiple accounts and change them often
    • Be cautious about what you share on social media and only connect with people you know

    Reporting scams to HMRC

    Even if you did not give the scammer your personal information, you should still report it. This helps HMRC understand what’s happening and can lead to investigations and bring down these swindlers.

    • Forward suspicious emails claiming to be from HMRC to phishing@hmrc.gsi.gov.uk
    • Send any fraudulent texts you receive to 60599
    • Report suspicious calls by contacting Action Fraud on 0300 123 2040
    • Use the HMRC online fraud reporting tool

    We take online security very seriously and hope this advice helps you to guard against fraudulent activity.


    If you’re looking to claim back your overpaid tax from HMRC do it securely through our experienced and reputable accounting team. Take a few moments to complete our online Tax Refund Claim Form or give us a call on +44 (0) 20 7759 7530.

    We are a professional services company that specialises in cross-border financial and immigration advice and solutions.

    Our teams in the UK, South Africa and Australia can ensure that when you decide to move overseas, invest offshore or expand your business internationally, you’ll do so with the backing of experienced local experts.

    • Sole trader on ship
      Everything you need to know about setting up as a sole trader
      Aug 15, 2019  |  by Kobus Van den Bergh
    • tax relief sme income
      Your guide to UK tax reliefs for SMEs
      Apr 04, 2019  |  by Scott Brown
     
     

    South Africa

    Cape Town

    Regent Square
    Doncaster Road
    Kenilworth 7708 +27 (0) 21 657 2120

    Durban

    25 Richefond Circle
    Ridgeside
    Umhlanga 4320 +27 (0) 31 536 8844

    United Kingdom

    Croydon

    One Croydon
    12-16 Addiscombe Road
    Croydon CR0 0XT +44 (0) 20 7759 7514

    Australia

    Melbourne

    9 Yarra Street
    South Yarra
    VIC 3141 +613 (0) 8651 4500

    Sable International is a trading name of 1st Contact Money Limited (company number 07070528), registered in England and Wales. We are authorised and regulated by the Financial Conduct Authority in the UK (FCA no. 517570), the Financial Services Conduct Authority in South Africa (1st Contact Money [PTY] Ltd - FSP no. 41900) and hold an Australian Financial Services Licence issued by ASIC to deal in foreign exchange (1st Contact Group - AFS Licence number 335 126).

    We use cookies to provide the best website experience for you. Using this website means that you agree to this. How we use cookies.