Don’t get caught in the phishing net...

Published on 26 February 2013

If you receive an email promising you a tax refund in exchange for your personal, credit or banking details, on no account should you respond. Instead, contact HMRC immediately to report the matter.

HMRC advise taxpayers to contact them immediately if they have received an email promising a tax refund in exchange for personal, credit or banking details. Despite HMRC action to close down 522 illegal sites operating phishing scams in 2012, almost 80,000 tax rebate phishing emails were reported last year.

Originating in a number of countries, including the US, Russia, and Japan, as well as central and eastern Europe, phishing emails run the risk of opening a recipient’s account to fraud; details obtained from taxpayers are often sold on to organised criminal gangs and can result in a hefty financial loss.

Often linking to a clone of HMRC’s website in an attempt to pass themselves off as genuine, these tax rebate emails typically request personal details such as your name; address; date of birth; bank account number; sort code; credit card details; national insurance number; passwords and mother’s maiden name. They often begin with the sentence ‘we have reviewed your tax return and according to our calculations of your last years accounts a tax refund of XXXX is due’.

How to contact HMRC

If anyone believes they have received an email similar to this, they should send it to phishing [at] before deleting it permanently. HMRC only contact taxpayers with regard to genuine tax rebates by post; they will never email. Legitimate tax rebate forms (P800s) will contain a payment order and will not ask you for credit or debit card details.

Although HMRC work closely with law enforcement agencies to target the criminals behind these scams, they advise the public to check the list of known phishing addresses published at and forward any suspicious emails to them. Do not click on any websites or links contained in suspicious emails or open attachments. Anyone who has answered one of these emails or feels that they might have fallen victim to a phishing scam should forward the email and disclosed details to security.custcon [at]

If you have any further concerns about staying safe on the web, follow the advice from


Contact: Robin Williamson (please use form at