How to spot HMRC phishing emails lurking in your inbox

Edward Parker FCCA details the emails disguised in HMRC's name designed to defraud you of your money.

Fraudsters are generating phishing emails by posing as HMRC in order to gain access to people’s bank accounts. It appears the occurrence of these emails has become increasingly common as a Which? survey found that of 2016 adults, 40% had received communication of this nature.  You're most likely to receive these scams around tax deadline dates, so we've put this blog post together to highlight the deceitful messages that could be loitering in your inbox.

What do the phishing emails look like?

The general format of these e-mails can look very convincing as they make use of genuine HMRC branding. Sometimes emails are signed off with the name of an actual HMRC employee making them seem even more realistic.  The contents will generally be offering you a tax refund and asking for bank details in order for the money to be refunded.

The amount offered is usually up to £500, so as not to raise the recipient’s suspicions. The main aim of these emails is to extract money from your bank account, get you to send money or to gain enough personal information about you to sell you details to identity theft criminals. Throughout this post we've provided you with image examples of the kinds of emails being used to scam the public.

If you receive one of these emails you may be asked for information including your name, address, birth date, mothers maiden name, bank details and national insurance number. 

When HMRC will genuinely contact you by email

HMRC will never send notification of a tax reimbursement or ask for personal or payment information by email. 

You may receive digital contact from HMRC for the following reasons:

• VAT Mini One Stop Shop (MOSS) - If you registered for VAT MOSS then you'll receive messages to the email address provided
• Employer email alerts - Emails will be sent several times a year to employers who have registered to receive them. They tend to be titled ‘Important information for employers’
• Annual tax summary - the self-assessment team issue email alerts, with the title ‘How your tax and National Insurance is spent’, to some people notifying them that their annual tax summary is ready to view
• Self-Assessment reminders - If you haven’t sent your Self-Assessment tax return or you owe any Self-Assessment tax you may receive an e-mail reminder. These are sent from 16 January and if you have opted for digital instead of paper contact for Self-Assessment you will get email alerts from HMRC
• PAYE notices and reminders - If you have signed up for reminders and notifications as part of the PAYE online service you will receive an automated email when there is something new for you to view.  You will also receive electronic reminders if you do not send your payroll submissions on time or you're late making payments to HMRC
• Educational emails - emails will be sent periodically to customers to support their business life events. These will include links to relevant online education material and will appear in your address bar as no-reply@hmrc.gov.uk

Even in genuine contact circumstances HMRC will never ask for payment or personal information by email. HMRC will send legitimate P800s tax rebate forms by post, which will contain the payment order.

How can I tell if an email is fraudulent?

Initially check the address. They will often have ‘HMRC’ or ‘revenue’ in the address but will not usually have the correct ‘@hmrc.gov.uk’ address, although even this is not fool proof.

Some key things to watch out for within the content of the email:

• If it's asking you for personal or payment information then it's not genuine
• HMRC will never send notification of a tax rebate by email
• Fraudsters want you to act quickly; genuine communications will not contain phrases such as ‘you only have 3 days to reply’ or ‘urgent action required’
• Fraudulent communication will often contain links to webpages that may look like the homepage of HMRC but is in fact a fake website. Tell tale signs include links to bank/building society pages or display fields requesting personal details
• Generic greetings such as ‘Dear customer’ is also a sign of a fraudulent email, the fraudster has your email address they may not have your name
•  Attachments may contain viruses or malware designed to steal your personal information

You may also receive letters from HMRC and Concentrix regarding tax credits. Concentrix is a company that has been working with HMRC to check that people are receiving the right amount of tax credits. HMRC are also sending SMS and voice text messages to a number of tax credit customers where the income details differ from the information shown on their employer records.

What should I do if I suspect I have been sent one of these fraudulent emails?

If you believe you have been sent one of these emails then be sure to forward it on to phishing@hmrc.gsi.gov.uk. If you receive suspicious text messages then you should forward these on to 60599.  

Never give your personal or bank information to the sender. If you have already done so you should send details to security.custcon@hmrc.gsi.gov.uk. Do not disclose any personal information in this email but just report the type of information you submitted such as ‘I gave my full name and date of birth’.

The Revenue will act upon all HMRC related phishing emails and remove reported fraudulent websites. Most of these fraudulent sites are hosted around the world in countries including the USA and Russia.

I have already responded to a fraudulent email, can I get my money back?

Unfortunately there is no mechanism to get money back from a transaction you have authorised, as your bank will view this as money you have willingly paid out. Therefore it is of the upmost importance that you identify and avoid these criminal forms of communication.

Remember, any email requesting bank details should be looked at with suspicion that it's likely to be fraudulent. Extreme care should be taken to verify its authenticity. 

The content of this post is up to date and relevant as at 20/03/2017.

Please be aware that information provided by this blog is subject to regular legal and regulatory change. We recommend that you do not take any information held within our website or guides (eBooks) as a definitive guide to the law on the relevant matter being discussed. We suggest your course of action should be to seek legal or professional advice where necessary rather than relying on the content supplied by the author(s) of this blog.