Muras Matters: HM Revenue & Customs and ‘Phishing’ Emails

HM Revenue & Customs
And ‘Phishing’ Emails


HM Revenue and Customs (“HMRC”) have recently warned again of ‘phishing’ emails being sent out by fraudsters in the run up to the Self Assessment deadline tomorrow. At this time of year many taxpayers in the Self Assessment regime are expecting to receive refunds and therefore don’t always recognise such emails, purporting to be from HM Revenue & Customs, as suspicious.

These emails often promise refunds and include a link to a fake replica of HMRC’s website. The website then asks for credit or debit card details, passwords or other sensitive information, which will then be used to try to take money from the victim’s bank account or steal their identity.

How to tell if an email is fraudulent

Here is a list of things to watch out for when receiving suspicious emails:

1. Spelling mistakes and poor grammar.

2. Incorrect email address – the sender usually has a similar but not exact match to an authentic email address.

3. Personal information – authentic HM Revenue & Customs emails will never:

a. notify you of a tax rebate;
b. offer you a repayment;
c. ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account;
d. give a non HMRC personal email address to send a response to;
e. ask for financial information such as specific figures or tax computations, unless you’ve given them prior consent;
f. have attachments, unless you’ve given prior consent;
g. provide a link to a secure log-in page or a form asking for information – instead we will ask you to log on to your online account to check for information.

4. Urgent action required – be wary of emails claiming to be from the Revenue and containing phrases like ‘you only have 3 days to reply’ or ‘urgent action required’.

5. Bogus websites – links to these are contained in the fake email and used to capture bank details and other confidential data.

6. Common greeting – fraudsters seldom have your name and will often use greetings like ‘Dear Customer’. HMRC usually use the name you’ve provided.

7. Attachments – these could contain viruses designed to steal your personal information.

These emails are, of course, not restricted to Self Assessment and all taxpayers are at risk. HMRC have confirmed they will never ask people to disclose personal or payment information by email and have asked those receiving such requests to forward emails to .

If you have any questions on the above or if you are concerned about authentic correspondence from the Revenue please contact our Tax Director, Jenny Marks.

To see our other news items please visit our Muras Baker Jones – Blog.