Whether it’s a bogus email or a fake phone call, scammers have more than a few tricks up their sleeves to get their hands on your personal details and your hard-earned money. Well fear not, with our up-to-date list of known scams we’ll help you spot a scam from a mile away.
Last updated: 16 January 2016
What you need to know
- General guidelines
- HMRC email scams
- Phishing websites
- Fraudulent text messages
- Phone calls
- What to do if you’re contacted by a scammer
1. General guidelines
One of the easiest ways to spot a scam email or text message is when the text contains spelling mistakes or poor grammar. HMRC always uses clear, concise language free from spelling and grammatical errors.
Here are a few things that HMRC will never do via phone, text or email:
- Notify you of a tax rebate
- Offer you a repayment
- Ask you to disclose personal information
- Give you a non-HMRC email address for responses
- Ask for financial information*
- Send an email with attachments*
- Provide a link to a log-in page or form that requires personal information
- Use a generic greeting such as “Dear Customer” or “Dear Applicant”
*Unless you have given prior consent to these actions and have formally accepted the risks
HMRC email scams
Phishing emails are the most common con used to lure the recipients into giving away their personal details to criminals.
Any email that notifies you of a tax rebate and requires you to download an attachment or click on a link is most likely fraudulent.
One popular scam advises you to request a refund via PayPal. You will be directed to a bogus PayPal website via a link in the email. If you fill in your details on this page scammers will capture your personal information to use however they see fit.
Emails that request additional account information from the recipient in order to perform a security check are most likely phony. These messages are often sent from email@example.com and contain links that should not be clicked.
Look out for email addresses that are similar to, but not the same as, HMRC’s.
An official HMRC email address will end with hmrc.gsi.gov.uk. However, these addresses can be mimicked by certain software, so ensure that you check for spelling and grammatical errors, as well as whether the content meets any of the criteria above.
Some popular email addresses used by scammers:
Another popular scam requests that you create a Government Gateway account. The link in the email sends you to a very convincing fake webpage where criminals steal the personal information you enter into the form on the page. There are a few versions of this email and the webpage.
Fraudsters will often sign off using the name of an actual member of HMRC to make the email appear more genuine. You can forward the email to firstname.lastname@example.org if you have any doubts about its authenticity.
Any emails that require urgent action, or threatens legal consequences if the instructions contained in it are not followed in a short time frame, are likely fake.
2. Phishing websites
These websites are closely related to email scams.
You may receive an email containing a link to a falsified webpage. These sites and pages look similar to HMRC’s website and are used to trick users into disclosing their personal information.
The pages are very convincing and usually link out to bank or building society webpages, or request that you enter confidential particulars, including passwords, credit card information and bank details.
HMRC will never ask for this information unless you have logged in to your personal account on their secure website.
Ensure that you check the address bar to avoid falling victim to this scam. If the site is secure, the address will begin with “https” and a lock will appear in the address bar. However, this is not a failsafe, and you should ensure that the web address is a known location for HMRC sites.
Fraudulent text messages
HMRC uses text messages to notify clients that they may claim a refund. However, they will never request that you submit banking or personal details via this channel.
A tell-tale sign that the text you have received is fake is the presence of links. Do not click on these links, respond to the message or call the sender back.
Fraudsters have started phoning unsuspecting victims to scam them out of varying amounts of money.
After answering the phone, you will be greeted with an automated voice message. There are two popular cons. One involves buying gift cards to be used to pay an outstanding amount on your account, the other is an offer of a tax refund.
You will be asked to follow the prompts, for example you’ll be instructed to press 1 to speak to a case officer. After that, a “case officer” will request that you either pay an amount into the caller’s account, buy store vouchers (often for iTunes) and send through the serial numbers, or hand over your bank account details.
If you receive one of these calls, you can use services like Who Called Me to verify the number and check if it is associated with any known scams. If you find that the number is connected to fraudulent activity or you cannot verify the identity of the case officer, do not disclose your personal information.
What to do if you’re contacted by a scammer
Your first step after being contacted by someone claiming to be HMRC should be to verify their identity.
If you can’t do that, it’s best to send HMRC an email with all of the details of the email, text message, website or phone call. You can also contact HMRC on their official website and report the activity to Action Fraud.