Top tips for spotting HMRC phishing scams

HMRC have recently updated their guidance to help taxpayers spot phishing scam emails.

Phishing is the fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords and credit card or bank account details. The HMRC guidance is designed to help taxpayers to recognise genuine contact from HMRC, and how to tell when an email or text message is phishing.

How to spot a phishing email

Here are their top 5 tips for noticing fraudulent emails:

  1. The ‘from’ address is incorrect – fake ones often have email addresses which contain the HMRC or revenue names but these are often spoofed (falsified).
  2. It asks for personal information – HMRC never emails to notify you of a tax rebate or offer a repayment and they won’t ask you to send personal details such as your address, Unique Taxpayer Reference or bank account details. Also look out for any attachments or links to a ‘secure’ login page requesting your information.
  3. They are marked as ‘urgent’ or say you only have a certain number of days to respond
  4. They include links that look like genuine HMRC web pages but are actually bogus sites designed to get your passwords, credit card or bank account information.
  5. They start with a generic greeting such as ‘Dear Customer’ – fraudsters send a large number of phishing emails at once so they often do not include your name.

If you are concerned, HMRC has published a list of phishing examples on their website along with advice on how to report suspicious emails, phone calls or text messages.

Receive the latest news direct to your inbox