We use cookies to create a secure website, and deliver the best service possible. For more information, click here.

As January 31st looms ever closer, individuals are rushing to get their self assessments submitted to HMRC.

Whilst many will owe the tax man some money, some will be entitled to a rebate or refund.

But beware of the fake tax man! At this time of year we see hundreds of stories of HMRC fraud, mainly of fake refunds that are actually intended to steal your personal or financial details. 

Fraud in your Inbox

Phishing emails are one of the most common types of HMRC fraud. An email will be crafted to look as though it has come from HMRC, indicating that they have reviewed your financial activity and are due a refund or rebate. Usually, they will ask you to visit a webpage and submit your details in order to receive the money.

Instead, the fraudsters use these webpages to collect your sensitive data including bank account and credit card details.

Below is an email that one of our own members of staff received. 

Here's how she recognised the email as a fake.

  1. The email 'from' address was not a HMRC email address
  2. The reference number did not relate to any references HMRC provided when the self assessment was submitted
  3. The link was to a non-HMRC website
  4. Finally, HMRC won't ask you to provide financial information via an email, here's what they say...

"We’ll never send notifications of a tax rebate or refund by email, or ask you to disclose personal or payment information by email."
From HMRC's website 

SMS Fraud

Sometimes HMRC will send you text messages, but again, they will never notify you of a tax refund via SMS. As with emails, real HMRC texts wont ask you to provide personal or financial details in either a reply or on a linked webpage.

More HMRC Fraud Examples

Phishing PDFs in emails

As well as dodgy links in emails and text messages, HMRC also warn against emails that contain PDFs. These phishing emails and documents contain links to a webpage where you're asked to enter details that would then give the fraudsters access to your accounts.  There's also the possibility that the PDF downloads contain malicious malware that will try to access your details hosted on your PC or device.

Social Media

Direct messages on social media sites including Twitter are unlikely to have come from an official HMRC social media profile. They definitely won't ask you to send any personal or financial information in the reply. 

Phone Calls

Fraudulent phone calls have been reported where someone pretending to be from HMRC requests your details in order to issue a tax refund. In other cases they threaten a lawsuit if a payment isn't made immediately. These phone calls often target the elderly or vulnerable people. If you can't validate the identity of the caller, cease the conversation.

Reporting Fraud

HMRC takes these types of fraud seriously, and regularly release examples of phishing scams that have been reported to them, to raise awareness. If you have received a fraudulent HMRC message via email, text, social media or over the phone, report the details to [email protected]

Date published: 24/01/2018

Contact us