In the last few weeks a couple of our clients have bought our attention to some suspicious emails which claim to be from HMRC. They are not!
Scam HMRC emails are nothing new but from what we have seen they have become incredibly convincing. Beware.
The emails are part of a phishing exercise that use bogus e-mails and websites. Their aim is to trick taxpayers into supplying confidential or personal information. Beware, the emails contain official looking logos and email addresses. However the messages aren’t genuine and therefore should be ignored. You can visit the GOV.UK website to see examples of some bogus emails.
Bogus emails are designed to trick people into disclosing personal or financial information. NEVER give out private information (such as bank details or passwords), reply to text messages, download attachments or click on any links in emails, if you’re not sure they’re genuine.
Phishing emails may also include attachments, which are actually viruses that are created to steal your personal information. HMRC will not send you attachments via email without asking for your permission first.
According to the official HMRC webpage emails from HMRC will never:
-notify you of a tax rebate.
-Offer you a repayment.
-Ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account.
-Give a non HMRC personal email address to send a response to.
-Ask for financial information such as specific figures or tax computations, unless you’ve given us prior consent and you have formally accepted the risks.
-Have attachments, unless you have given prior consent and you have formally accepted the risks.
-Provide a link to a secure log-in page or a form asking for information – instead we will ask you to log on to your online account to check for information.
You should also be wary if emails ask for immediate action. Phrases like ‘you only have 3 days to reply’ or ‘urgent action required’ are cause for alarm.
If you have any doubts about whether an email is genuine it is always best to err on the side of caution. The basic message is don’t give out any personal information (including bank details or passwords) and don’t click on or download any suspicious links. You should forward any suspicious emails to: firstname.lastname@example.org