A Taxing Time of the Year: The HM Revenue & Customs Phishing Scam

HMRC Fake Emails: The HM Revenue & Customs Phishing Scam

Share with your network!
A Taxing Time of the Year: The HM Revenue & Customs Phishing Scam

 

Proofpoint has been hearing of a number of scams on the theme of HM Revenue & Customs (HMRC) in recent weeks. This comes as no surprise. Every year tax-based scams increase as we come to the self-assessment deadline of 31st January. HMRC has published a report stating that in the run up to last year’s tax deadline they received 900,000 reports of scams, with 100,000 the form of bogus phone calls.

Fraudsters use many tricks to scam us out of our hard-earned cash. If an event, like the end of a tax year, can be used to increase the success rate of a scam, they will use it. Unfortunately, both taxes and scams are guaranteed in modern life.

HMRC Tax Scams – What to be aware of:

HMRC Phone Scam (Vishing)

One of the scams we heard about, this past week has been the HMRC “Vishing” scam. So-called because it is a form of phishing carried out using a phone call, aka ‘voice phishing’. The profile of this scam is pretty typical for HMRC phone-based fraud calls. It goes something like this:

You receive a call, the caller stating they are from HMRC and that you have been assessed and now have a large outstanding tax bill. Consequently, you owe the Inland Revenue a large sum. The amount varies, but it is typically many hundreds if not thousands of pounds.

The fraudsters then threaten police action if you do not pay the amount immediately.

If you happen to miss the call, a voice mail will be left on your phone with the same threat of police action.

HMRC tax refund email scam

Phishing emails pretending to be from Gov.uk HM Revenue & Customs are also continuing to do the rounds. They usually take the form of a less threatening, tax refund. A link to claim the refund is in the email.

Example of realistic looking HMRC website used in HM Revenue and Customs scam email

When you click the link, you are taken to a realistic looking HMRC website which requires you to enter various personal details and often credit card or bank details too. If you enter these details and click submit, they go directly to the fraudster behind the tax refund scam.

Example of HM Revenue and Customs scam email

Text messages (SMiShing)

HMRC scams also come in the form of SMS text messages, known as “smishing”, and even WhatsApp messages. They take a similar format to the email phishing message, that is you are owed money and should click a link to complete a form to process the refund. The webform is, of course, hosted and controlled by a fraudster.

As HMRC themselves state:

“HMRC will never send notifications by email about tax rebates or refunds”

If you receive any suspicious calls, emails or mobile messages that seem to be from HM Revenue & Customs, send the details to:

phishing@hmrc.gov.uk

This time of year, you have a high chance of coming across either the phone or email version of the HMRC Phishing Scam.

Always stay vigilant when you receive any call that involves money.

And:

  • never give out personal or financial details in a call or email
  • do not click the link in the email or mobile messages from the suspected fraudster

Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:

HM Revenue & Customs Phishing Scam

Phone calls, email, and mobile messages are being used to trick taxpayers into giving fraudsters their hard-earned cash. The scammers pretend to be from HM Revenue & Customs. If you receive a scam phone call, you may be threatened with legal action if you do not pay any tax you supposedly owe, immediately. HM Revenue & Customs scam emails often offer a tax refund which is processed once you give personal and financial details.

DO NOT RESPOND TO THESE PHONE CALLS OR EMAILS. HMRC NEVER SEND OUT NOTIFICATIONS BY EMAIL ABOUT TAX REBATES OR REFUNDS.

For more information on what to do if you receive a phishing email check out “What to Do if You Click on a Phishing Link?

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keep breaking scams!