HMRC gone phishing?

Phishing is the fraudulent act of emailing a person in order to obtain personal or financial information. HMRC has issued guidance to help recognise fraudulent emails.

HMRC are increasingly providing online services for taxpayers and their agents but this means a higher risk of phishing and bogus emails. These emails often ask for personal information such as date of birth, bank details or passwords. With a Self Assessment tax payment date coming soon on 31 January 2016, this may be the time to be wary of online fraudsters.

HMRC have confirmed that they will never send notifications of a tax rebate by email and will also never ask people to disclose personal or payment information by email. In addition HMRC have responded to these attacks by issuing guidance on how to tell if an email is fraudulent.

How to tell if an email is fraudulent

Often the fraudster will create an email address which looks similar

to HMRC’s email address for example ‘refunds@hmrc.gov.uk’. More examples of false email addresses can be found in a list provided by HMRC – https://goo.gl/3QLfie

Another risk area is a link to a bogus website in an email or text. The page may look genuine but it often contains links, display fields or boxes which ask for bank or credit card details and passwords. HMRC have warned that some phishers also add links to genuine HMRC websites to try and make the emails appear genuine.

Fraudsters often send high volumes of phishing emails in one go and they may therefore start the email with generic greetings for example ‘Dear Customer’ rather than a name. Lastly caution should be taken with any attachments on the email as these may contain viruses which are designed to steal personal information from the recipient’s computer.

Reporting phishing emails

HMRC have advised that any suspicious emails should be sent to phishing@hmrc.gsi.gov.uk. Where personal information has mistakenly been supplied in a reply to an email or text the details of what has been disclosed eg name, address, but not the actual details, should be sent to security.custcon@hmrc.gsi.gov.uk.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s