Criminals use clever schemes and tricks to defraud millions of people each year. They often combine new technology with old tricks to get people to send money or give out personal information. So, what is phishing, how can you spot it and what should you do if you’re targeted?

Why do scams succeed?

Wherever there’s opportunity to make some easy money, you can be sure that criminals are ready to take advantage. Criminals target thousands of taxpayers with bogus emails, texts and even social media messages that seem genuine. Advances in digital communication have opened countless channels for scammers to target you and impact your finances, security and peace of mind.

Cons can look like the real thing and are designed to catch you off-guard when you least suspect it.

Electronic communication and transactions are a key part of HMRC’s business, so here are a few cons to be aware of and advice on what to do if you think you’ve been deceived.

Who’s at risk?

We’ve all seen fake emails and text messages claiming that we have won a fantastic grand prize. Scammers are growing more sophisticated in their attempts and can target anyone.

The most widespread scam today

From: GOV.UK-HM Revenue & Customs 9031609552407800212@2160162795.tax.co.uk
Sent: Thursday, 14 March 2019 10:24 PM
To: xx@hotmail.com
Subject: refID: 308884106011 – Your tax is Ready

Dear customer,

You are receiving this notice from HM Revenue & Customs with information about your available refund credit of 254.36 GBP, and how to return your funds electronically using the online platform.

Please note that this process can only until the 14th of March 2019. After the due term of this process you can only request your refund via postal service or in person at any HM Revenue & Customs office.

If you need a refund from us, take a look at the following links:

  • What if I had an overpayment HMRC tax bill?

You can also get your refund by direct debit. Visit GOV.UK for the information you need.

If you’ve already got your refund by post – thank you.

Andrew Walsh
Head of Digital Communication Services

Scam emails ask you for personal information like passwords or bank details - this is called “phishing”. This is a type of online fraud that involves getting an individual or organization to disclose sensitive information under false pretences that have been expertly manufactured by the attackers. If you’re unsure of how to spot a scam email from HMRC, take note of these tell-tale signs:

  • The email or website address is strange or comes from a free email provider like Gmail
  • The email is not addressed to you, the recipient, by name - “Dear customer” is not an identifier
  • There are spelling and grammatical errors

Phishing emails can trick you into visiting fraudulent websites disguised to look like a valid ecommerce or banking site. For example, you may think you’re logging into your personal bank account, but instead, all your personal information is being sent to a thief.

Fraudsters own email addresses with names associated with HMRC, like Revenue, HMRC or gov. Impostors can also spoof the “from” address to look legitimate. For example, the address may look like it’s from refunds@hmrc.gov.uk, but if you hover over the link and look at the bottom left-hand corner of the page, you’ll see the true link that the text leads to. This will not end in @hmrc.gov.uk at all. If you’re unsure whether an email is a scam, the best practice is not to open it.

Here is a list of email addresses known to have been used in HMRC scams:

  • service.refund@hmrc.gov
  • secure@hmrc.co.uk
  • taxrefund-notice@hmrc.gov.uk
  • taxrefund@hmrc.gov.uk
  • refund-help@hmrc.gov.uk
  • refund.alert@hmrc.gov.uk
  • refunds@hmrc.gov.uk
  • HM-Revenue-&-Customs@ztoro.com

Phishing texts

You have a pending Tax Refund of 265.84GBP from HMRC.
To proceed your application please complete your form via hmrc.gov.signin-uk.com.

It’s no surprise that SMS phishing attempts are a growing trend for opportunists when you look at the statistics.

  • There are more than six billion mobile phone subscribers in the world
  • Nearly two thirds of all adults with a mobile phone use text messaging
  • More than 90% of text messages are opened within 15 minutes of being received

HMRC may occasionally send you a text message, but they will never request personal or financial information from you via SMS. Do not respond or open any links contained within the message.
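
The sender and link checks described above, applied to the addresses and hosts quoted in this article's scam samples. This is an added example, not code from HMRC or from the original article; the function names and the rule that anything at or under gov.uk counts as official are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only hosts at or under gov.uk count as official,
# which covers the hmrc.gov.uk ending the article tells readers to look for.
OFFICIAL_SUFFIXES = ("gov.uk",)
# Names the article says fraudsters borrow to make an address look genuine.
BRAND_TOKENS = ("hmrc", "revenue", "gov")

# Sender addresses and link hosts quoted in the article's scam samples.
SAMPLES = [
    "9031609552407800212@2160162795.tax.co.uk",
    "service.refund@hmrc.gov",
    "secure@hmrc.co.uk",
    "refunds@hmrc.gov.uk",
    "HM-Revenue-&-Customs@ztoro.com",
    "hmrc.gov.signin-uk.com",
    "bit.do/dwyBZ",
]

def host_of(value: str) -> str:
    """Return the lower-cased host of an e-mail address, URL or bare host."""
    value = value.strip()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].strip(" >").lower().rstrip(".")
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare host as the netloc
    return (urlsplit(value).hostname or "").lower().rstrip(".")

def is_official(host: str) -> bool:
    """Match whole labels from the right, so 'hmrc.gov.signin-uk.com' fails."""
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def classify(value: str) -> str:
    host = host_of(value)
    if not host:
        return "unparseable"
    if is_official(host):
        # Not proof: the article lists refunds@hmrc.gov.uk as a spoofed sender.
        return "official-domain"
    labels = host.replace("-", ".").split(".")
    if any(token in labels for token in BRAND_TOKENS):
        return "lookalike"  # official-sounding name inside a non-official domain
    return "unrelated"

def report(values=SAMPLES) -> dict:
    return {value: classify(value) for value in values}

if __name__ == "__main__":
    for value, verdict in report().items():
        print(f"{verdict:16} {value}")
```

An `official-domain` result only means the visible text ends correctly; because the “from” address can be spoofed, it should lower suspicion no further than that.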

Unsolicited calls

“Hello, this is a final warning from Inland Revenue with HMRC regarding a criminal prosecution on your name. Urgently call us back on 3300010202 to avoid further legal action. Thank you.”

HMRC revealed that, in the six months leading up to January, it experienced a 360% increase (over 60,000) in reports of phone scams.

As HMRC has cracked down on email and SMS phishing, fraudsters are now turning to older methods such as cold-calling publicly available phone numbers. Often these calls are to landline numbers and target vulnerable elderly individuals.

A few tips to avoid these phone scam tactics:

  • Don’t assume the caller ID on your phone is proof of whom you’re speaking with
  • If you receive a phone call asking for personal information, don’t respond before checking with official contact information
  • Don’t trust someone because they have personal information about you – scammers have ways of getting information to make their lies believable

If you are ever unsure of whom you are speaking to – hang up the phone and contact the relevant department using one of the numbers or online services available from gov.uk. If HMRC called and you did not pick up, you wouldn’t see a number on your missed calls due to the phone system they use.

Robocall scams

Similar to cold-call scams, robocalls are automated phone calls that deliver recorded messages. These are mass delivered to phones and automatically play a message when the receiver answers the phone.

There is an automated phone call scam that tells people HMRC is filing a lawsuit against them, and to press one to speak to a caseworker to make a payment. HMRC has confirmed this is a scam and advises you to end the call immediately.

To report a phone call scam and ensure the fraudsters are caught, note the date, the number and what the call said. This helps HMRC to clamp down on that particular scam.

Social media scams

Hi Pamel, I’m Joshua from HMRC Customer Support. In accordance to your P60 refund policy for every TaxPayer, you might be eligible for a possible refund. Please visit bit.do/dwyBZ for more information. A confirmation email will also be sent to you immediately after, you can also confirm with your bank for more information. Thank you ^JS

Just as social media makes it easier for legitimate business, it also makes it easier for scammers and cyber criminals. On Twitter, for example, these fraudsters are sending direct messages to unsuspecting users offering an HMRC tax refund.

HMRC would never offer a tax rebate or request information via a social media channel.

How do I know if I’ve been scammed?

  • Unexplained bank transactions on your bank account
  • Additional financial products you don’t remember taking out appear on your credit report
  • Bank statements meant for your address aren’t delivered – this could be a sign of ID fraud

Protect yourself

A short summary of how to guard against fraudsters:

  • Resist the urge to act immediately on the text, email or message
  • If you are unsure to whom you are speaking – hang up and call the department directly
  • Do not open suspicious texts, pop-up windows or click links or attachments in emails
  • Use privacy settings and passwords on all your devices and online accounts
  • Do not use the same password for multiple accounts, and change your passwords often
  • Be cautious about what you share on social media and only connect with people you know

Reporting scams to HMRC

Even if you did not give the scammer your personal information, you should still report it. This helps HMRC understand what’s happening and can lead to investigations that bring down these swindlers.

  • Forward suspicious emails claiming to be from HMRC to phishing@hmrc.gsi.gov.uk
  • Send any fraudulent texts you receive to 60599
  • Report suspicious calls by contacting Action Fraud on 0300 123 2040
  • Use the HMRC online fraud reporting tool

We take online security very seriously and hope this advice helps you to guard against fraudulent activity.

