Don’t be fooled by appearances. That message from HMRC might be fake.
Received an email from HMRC which sounds too good to be true? Chances are it is, writes Emma Woods. You may have entered the world of phishing and fraud.
At least once a month, I’ll pick up a call from a client who tells me they have received an email from HMRC about a tax refund. Not surprisingly, they’re often a little surprised that we haven’t already dealt with it on their behalf.
My first question will always be: ‘Have you replied to the email?’
That’s because I know that they may well have compromised their security, even before they’ve got on the phone to me.
As accountants, we’ve become pretty wise to this kind of thing. Only last week I heard a colleague telling a client that she would buy him a drink if the email in question turned out to be genuine!
These emails often seem very convincing, although the reality is that HMRC never notifies anyone of a tax rebate by email or offers a repayment that way. So how can you protect yourself?
HMRC have just issued new guidance entitled ‘Genuine HM Revenue and Customs contact and recognising phishing emails’. This document explains the circumstances under which the Revenue will make direct contact and also includes a number of points to look out for.
The first and most obvious one is spelling mistakes and poor grammar, as these are a common feature of a bogus or so-called ‘phishing’ email. Here are some others:
Incorrect ‘from’ address
Fraudsters can falsify the ‘from’ address so that it looks like a legitimate HMRC address (@hmrc.gov.uk), or they may use something similar to mislead you (e.g. firstname.lastname@example.org). If you’re in any doubt, don’t open the email. And if you do open it, but are dubious about the content, do not click on any links or downloads.
Fraudsters will seldom have your name, so the way they address you may be a giveaway. If you have signed up to HMRC subscription services, they should usually use the name you’ve given them. It won’t be addressed to ‘Dear Customer’ or similar.
Requests for urgent action
Fraudsters like to put you under pressure to reply, claiming that their request is ‘urgent’ or that you only have three days to respond. This is not what you would expect from a genuine HMRC email.
It’s worth remembering that HMRC will never ask you to disclose personal information such as your full address, postcode or Unique Taxpayer Reference, or ask for details of your bank account. They will never request financial information such as specific figures or tax computations, unless you’ve given prior consent. And they will certainly never ask you to respond to a personal email address.
When they want you to access information online, they will ask you to go to your account and log in. They will not provide a link to a log-in page or a form. Remember, any fake pages scammers create may well look genuine at first glance. If they contain links to banks/building societies, however, or have fields and boxes requesting passwords, credit card or bank account details, be very suspicious.
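For anyone who triages reported emails, the warning signs listed above can be turned into a simple script. This is an added example, not part of the original article or of HMRC's guidance; the phrase lists, the function names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

GENUINE_DOMAIN = "hmrc.gov.uk"  # the legitimate address suffix named in the article
# Phrase lists are illustrative assumptions; tune them against real reports.
BODY_CHECKS = {
    "refund_offered_by_email": r"\b(tax )?(refund|rebate|repayment)\b",
    "generic_greeting": r"^\s*dear (customer|taxpayer|sir|madam|user)\b",
    "urgent_action": r"\burgent(ly)?\b|\bwithin \d+ (hours|days)\b|\bonly have \w+ days\b",
    "asks_for_personal_details":
        r"\b(bank account|credit card|password|postcode|unique taxpayer reference)\b",
    "contains_link": r"https?://\S+",
}

def from_address_flag(from_header):
    """Classify the From domain. A match is no proof: the header can be falsified."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == GENUINE_DOMAIN or domain.endswith("." + GENUINE_DOMAIN):
        return None
    return "lookalike_from_address" if "hmrc" in domain else "non_hmrc_from_address"

def phishing_indicators(raw_email):
    """Return the sorted list of indicator names found in one plain-text message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = {name for name, pattern in BODY_CHECKS.items()
             if re.search(pattern, body, re.IGNORECASE | re.MULTILINE)}
    sender = from_address_flag(msg.get("From", ""))
    if sender:
        flags.add(sender)
    return sorted(flags)

# Constructed sample messages (not real HMRC or scam emails).
SUSPICIOUS = """From: HMRC Refunds <refunds@hmrc-gov.example>
Subject: Tax refund notification

Dear Customer,
You are due a tax refund of 482.10 GBP. This is urgent: you only have three days.
Confirm your bank account and password at http://refund-claim.example/login
"""
PLAIN = """From: Tax Help <noreply@hmrc.gov.uk>
Subject: Reminder

Dear Alex Example,
Your tax return is due soon. Go to your account and log in to check the details.
"""
```

An empty result only means none of these signs was found; because the ‘from’ address can be falsified, it does not show that a message is genuine.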
For more information, please visit: https://www.gov.uk/government/publications/phishing-and-bogus-emails-hm-revenue-and-customs-examples/phishing-emails-and-bogus-contact-hm-revenue-and-customs-examples