HMRC guidance on identifying Phishing and bogus emails

Kingly Brookes, March 10th, 2015

It is an unfortunate fact that, whatever medium you may be using, there will be unscrupulous characters attempting to relieve you of your property! HMRC have recently released guidance on the phishing emails and bogus contacts that they are aware of, and what to look out for in your inbox. The guidance notes that they will not contact individuals via email about tax rebates or refunds and they certainly will not ask for personal information or payment details in an email or SMS. Clicking links could be harmful to your computer, tablet or smart phone and may lead to financial loss.

Examples of phishing that have been brought to HMRC’s attention include an email stating that the addressee is entitled to a tax refund and it contains links to a fraudulent web page which looks similar to a genuine HMRC page. This page collects all the information necessary for the sender to commit credit card fraud on the victim’s accounts.

Another bogus email asks the customer for personal information such as a passport or a bank statement to be emailed to Many of the examples include attachments with malware and are not only being sent to individuals; employers and companies are also being targeted.

Whilst some of the scams include incorrect spelling and names, the scams are growing in number and the fraudsters are becoming more sophisticated. If the email or SMS looks suspicious, HMRC’s advice is to forward the email to them for verification.

If you think that you have been contacted by an HMRC scam, please report it by forwarding details to and delete the email. Do not open any attachments or click any links within the email, as they may contain malicious software.

Our view

Guidance such as this may well enable you to avoid being the victim of this type of crime. As ever the best defence may be to bear in mind that if it looks too good to be true then it probably is! Please see this link for the full HMRC guidance and a full list of HMRC’s identified scam email addresses and phishing examples can be found here.