In this age of wonderful technology, there are sadly cases where such wonderful advances are used for the wrong reasons. Don’t give out private information (such as bank details or passwords), reply to text messages, download attachments or click on any links in emails, if you’re not sure they’re genuine.
In case you are ever unsure of a communication you’ve received about your taxes, the Government keep an updated list online, of all the digital and other contact issued from HMRC.
Fraudulent emails are often rife with spelling mistakes and bad grammar – so if you’re already getting the idea that this message isn’t from who they claim to be, there are a couple of other give aways.
The main way of spotting a bogus email is senders email address. Phishing emails will generally use a similar address, so at a passing glace you wouldn’t notice that it’s not quite right or to mislead you if you do take a closer look (for example: email@example.com). There are many examples of bogus addresses and emails on GOV.UK.
However, fraudsters are able to falsify (spoof) email addresses so that they look genuine (such as those ending in @hmrc.gov.uk). So if you're unsure about the legitimacy of the email, do not click on any links or even reply – forward these emails straight to firstname.lastname@example.org.
Another clue is in the content of the email. Fraudsters will generally send huge numbers of phishing emails at a time, but even though they may have your email address, they don't generally know your name – so be aware of generic greetings that don’t use the name you’ve given HMRC.
Scam emails will often insist on your immediate and urgent action, or say you only have a few days to do something. These emails may also contain links to authentic-looking webpages, where you are asked to fill in personal or confidential details – sometimes these emails may even include genuine links to HMRC webpages to try and convince you that the email really is from HMRC.
Phishing emails may also include attachments, which are actually viruses that are created to steal your personal information. HMRC will not send you attachments via email without asking for your permission first.
If necessary, you’ll be asked to log in to your online account to check any information, but HMRC emails won’t:
Government Gateway and GOV.UK Verify use two-step authentication as an extra level of security when you are logging into your online account – this means that when you try to log in to your online account, you will be sent a text message (an SMS) with a pin code to enter online, to prove that you are the person you say you are. This stops someone else being able to access your account, even if they have your password.
If you receive Tax Credits, HMRC may send you a text or voice messages asking you to log in to your accounts to update or confirm the details of their circumstances, to remind you to renew your Tax Credit claim – these messages will not ask you to provide any personal or financial details, only request that you visit GOV.UK to renew online. HMRC may also send you a text message confirming that they have received your Tax Credit claim or renewal, or that they have processed your change in circumstances.
There have been reports of tax scams via text message – these generally follow similar patterns to those sent by email, such as a generic greeting, an urgent deadline, and links to bogus webpages.
Scamming websites put quite a lot of effort into looking like the real deal and trying to convince you that they provide a service that they actually don’t. For example, they may try to persuade you that you can renew your passport for less than going through official government channels.
You can search GOV.UK for official government services and their phone numbers, and use this to find out if the department you’ve been contacted by are who they say they are, or if they’re even real!
You can forward suspiscious tax text messages to HMRC on 60599 (these will be charged at your standard network rate), or forward suspicious emails to email@example.com.
If you think you might have disclosed some personal information to a suspicious email or text, contact HMRC security team and tell them what has happened – tell them what you’ve disclosed but don’t include any personal details in your contact (i.e. that you have disclosed your HMRC User ID, but don’t tell them your actual User ID) . Their email address is: firstname.lastname@example.org
You should report fraud to the UK’s National Fraud & Cyber Crime Reporting Centre, Action Fraud – they work with the National Fraud Intelligence Bureau (NFIB), take information about fraud on behalf of the police and provide advice about preventing fraud. If you as an individual have been a victim of fraud, attempted fraud or other cyber crime, you can report it Action Fraud with their online reporting tool or speak to an online advisor with the live chat tool. If you prefer to use your phone, you can call (0300 123 2040) or text (0300 123 2050).