There’s no doubt that HMRCs online services have been a great success, levels of engagement continue to increase and we are continually looking to improve the experience for you but with increased digital activity comes increased digital risks.
There are 43,000 paid agents serving 8million clients and 70% of SMEs employ an agent for at least some of their affairs, that’s a market that’s being targeted by fraudsters through phishing and bogus emails.
Tax phishing emails purporting to be from HMRC are on the rise, some scams are more sophisticated than others but there will always be tell-tale signs giving the scammers away, I’d like to highlight some of those.
We know phishers will send high volumes of mail in one go and while they may have your email address they won’t have your name, if you get a “Dear Customer” email, be cautious. Scammers are using increasingly sophisticated methods, including social engineering, to craft their phishing emails in such a way that they appear both genuine and relevant to the recipient. We will never directly notify you of a tax rebate by email and we will never ask you to disclose personal or payment information by email. If you have the slightest doubt don’t open attachments, there could be viruses contained in them, don’t click on links which could take you to bogus websites with bogus webpages designed to look like the homepage of HMRC that have one aim, to trick you into disclosing personal/ confidential information, and can I ask you to report it at firstname.lastname@example.org
If you think you might have disclosed personal information in response to a bogus email, act quickly give us details of what’s happened, what’s been disclosed and send it to email@example.com.
So how can you spot a bogus email?
A genuine HMRC email won’t ask for passwords, credit card details or bank account details but an identity thief certainly will.
If you are unsure or something just doesn’t feel right, take that moment and click below, a lengthy link but a valuable one.
HMRC and agents are working well together so help us prevent internet scams and phishing by reporting your suspicions to us and sharing this message with your clients and colleagues.
It’s the responsibility of us all to remain vigilant, working together we will beat the scammers. Our security teams would like to see any scams that you come across so they can look to address the issue, so please let them know at firstname.lastname@example.org