HMRC refund notification? Don’t fall for it!
It’s tax return season and HMRC tax refund scammers seem to have gone in to overdrive! If you receive an email or text purporting to be from HMRC about a tax refund, firstly, DO NOT respond to it or click on any links. Secondly, forward it to HMRC and help them stop this sort of thing.
Throughout the year, but especially across January and February (since many people will have just filed their tax returns and are waiting for a refund), emails or texts may arrive purporting to be from HMRC.
Here is an example of the kind of emails that are being sent out. Although they may look quite credible, particularly ones with the gov.uk domain name in the email header, they are scams.
From: support [at] hmrc.gov.uk
Sent: Monday, 22 January 2018 07:27
Claim your Tax Refund
We are contacting you to inform about your outstanding tax return of £248.63 resulting from the overpaid tax for year ending in 2017. All the claims for refund are allowed for certain time period, a duration of 48 hours is allowed for claiming tax after dispatching of email.
© Crown copyright
What to look for
Some tell-tale signs of scam emails are: bad spelling/grammar, wording which unduly stresses that urgent action is required, the lack of a specific greeting, e.g. Dear Hannah Greene and incorrect from addresses – Government e-mails sent from the Government Secure Intranet (GSI) take the format name@[department].gsi.gov.uk.
You can also tell it is a fake because HMRC does not use email or texts to contact people about tax refunds. Ever. So any e-mail or text telling you that HM Revenue & Customs is offering you a tax refund is ‘phishing’.
Phishing is when someone sends a fake email or text, pretending to be from a legitimate organisation (in this case HMRC). They are designed to steal personal and financial details or deliver malware to your computer.
If you clicked on the button in the email above, the likelihood is that you would be taken to a site where you were asked to update or to verify your personal and financial information. This may include your date of birth, login information, account details, credit card or PIN numbers. Or you may start the process of downloading malware onto your computer putting your data and information at risk of theft, loss, attack or damage.
People should also watch out for refund texts too. Although the Government has recently started using technology to identify fraudulent texts that suggest they are from HMRC and stops them being delivered, some will still get through.
Scam texts may display something like ‘HMRC’ as the sender rather than a phone number to make them appear legitimate.
Some good news however, is that HMRC have also said they have initiated the removal of 16,000 malicious websites, meaning even if texts are delivered the phishing website that people are directed to in a text may have already been removed.
What to do if you get a suspicious email or text
Please forward suspicious text messages purporting to be from HMRC to 60599 (charges apply).
Please forward any phishing or scam emails that you receive or are suspicious about to: phishing [at] hmrc.gsi.gov.uk
If the worst happens and you have given them your details you need to contact security.custcon [at] hmrc.gsi.gov, and include brief details of what you disclosed, e.g. name, address, HMRC User ID, password, etc.
Do not give your personal details in the email.
It is also advisable to contact your bank and explain the situation as they may be able to offer advice on what, if any, action can be taken.
Further information about on the different kinds of online scams and links to advice on online safety visit our page ‘protecting yourself online’.