We’ve all heard horror stories about scam emails and the money that they try to take off you. What you don’t expect is for the emails to come from a trusted source, or so it seems, like HMRC. Read on to find out how to protect yourself from bogus emails.
Currently there are a lot of HMRC scam emails being delivered to email inboxes and you could have been targeted. We have seen as many as three different phishing emails that claim to be from HMRC regarding tax returns. Figures from Get Safe Online, the Government cybersecurity body, found that phishing attacks rose by 21% in 2015 and cost British consumers a total of £174.4m over the year. So, how do you spot phishing emails and how do you make sure that you never get caught out by these sorts of scams?
First, look at the sender's address. In the correspondence we have seen, the email addresses looked suspicious; however, it is normally not quite so easy to spot.
Look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Fraudsters often have email accounts with HMRC or revenue names in them such as ‘email@example.com’. However, be aware that fraudsters can falsify (spoof) the ‘from’ address to look like a legitimate HMRC address, for example ‘@hmrc.gov.uk’. If you’re not 100% sure that the message has come from HMRC then we would advise not to open it. If you do open the email and you’re in doubt, don’t click on any links or downloads.
Something to be aware of is that HMRC will never ask for personal information in their emails. If you get an email about any of the following then do not open it, reply to it or send any personal information.
Emails from HMRC will never:
- notify you of a tax rebate
- offer you a repayment
- ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account
- give a non-HMRC personal email address to send a response to
- ask for financial information such as specific figures or tax computations, unless you’ve given HMRC prior consent and you’ve formally accepted the risks
- have attachments, unless you’ve given prior consent and you’ve formally accepted the risks
- provide a link to a secure log-in page or a form asking for information – instead HMRC will ask you to log on to your online account to check for information
Also, keep a look out for obvious mistakes in the email, be that spelling or numerical. For example, the emails that we have seen made the obvious mistake of addressing the receiver by their email address: ‘Dear Taxpayer, firstname.lastname@example.org’. HMRC would never address you in this way. An official HMRC email would greet you by using the name you provided to them and will always include information on how to report phishing emails.
The numbers in the above email also don’t add up. The body of the email informs recipients that they’re due £290.25 from their tax return; however, in the refund details at the bottom of the email the figure stands at £490.25. It is key to look for spelling and numerical mistakes in all emails that you think may be a scam.
Fraudsters will also ask for immediate action. Be wary of phrases in emails such as ‘you only have three days to reply’ or ‘urgent action required’; these are telling signs of a scam email. In the emails that we have seen, the immediate action was to create a Government Gateway account and to do so before February 4th in order to claim a tax refund.
A final point is to never open attachments in emails that you deem to be scams. The attachments could contain viruses, and opening them may lead to your personal information being stolen. If you do suspect that you may have received a scam email always be cautious and definitely don’t open any attachments. Safety first.
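For anyone who triages reported emails, the warning signs above can be checked automatically. The following is an added example, not something from HMRC or the original article: the function name, the indicator labels and the sample message are constructed for illustration, and a clean result never proves an email is genuine, because the ‘from’ address can be spoofed.

```python
import re
from email import message_from_string

# Urgency phrases quoted in the article.
URGENCY = ("urgent action required", "you only have three days to reply")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def phishing_indicators(raw):
    """Return the article's warning signs found in a raw email message."""
    msg = message_from_string(raw)
    hits = []
    sender = EMAIL_RE.search(msg.get("From", ""))
    domain = sender.group(0).rsplit("@", 1)[1].lower() if sender else ""
    # A matching domain proves nothing (From can be spoofed),
    # but a lookalike or unrelated domain is worth flagging.
    if domain != "hmrc.gov.uk" and not domain.endswith(".hmrc.gov.uk"):
        hits.append("sender-domain")
    texts = []
    for part in msg.walk():
        if part.get_filename():
            if "attachment" not in hits:
                hits.append("attachment")
        elif part.get_content_type() == "text/plain":
            texts.append(part.get_payload())
    body = "\n".join(texts)
    # Greeting that addresses the reader by email address, not by name.
    if any(EMAIL_RE.search(line) for line in body.splitlines()
           if line.lower().startswith("dear")):
        hits.append("greeting-uses-email-address")
    # More than one distinct pound amount: figures may not add up.
    if len(set(re.findall(r"£\s?(\d+(?:\.\d{2})?)", body))) > 1:
        hits.append("amounts-disagree")
    if any(phrase in body.lower() for phrase in URGENCY):
        hits.append("urgency")
    return hits

# Constructed sample modelled on the email the article describes.
SAMPLE = """\
From: HMRC Refunds <refunds@hmrc-tax-refund.example>
To: firstname.lastname@example.org
Subject: Tax refund notification

Dear Taxpayer, firstname.lastname@example.org

You are due £290.25 from your tax return. Urgent action required:
create a Government Gateway account before February 4th.

Refund details: £490.25
"""
```

Each label is only a prompt for a person to look more closely; a genuine email can mention two amounts, and a scam can avoid every one of these signs.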