Business owners usually receive dozens of emails a day. Many of them look very official, but how can you identify those that are scam emails as opposed to official HMRC communication? And, what should you do if you receive a bogus HMRC communication?
Last week we reported that HMRC have been clamping down on fraudulent text messages. This week we follow up with some tips on what what to watch out for and the best practice to follow while conducting your tax affairs on and offline, so that business owners don’t end up on the wrong end of a scam HMRC email or phone call.
Spotting the Scammers
It’s a sad fact that business owners are frequently targeted by scam email and phishing campaigns masquerading as official HMRC documentation. However, email isn’t the only channel through which scams can occur.
As we mentioned last week, text messages, telephone and social media are all used by scammers to try to obtain a taxpayer’s personal, business and banking details, usually offering tax rebates and refunds.
Spotting them is hard, as they can appear very plausible, but there are some simple rules to follow when it comes to spotting and dealing with scam emails.
Rule 1 – Never Disclose Private Information
It sounds simple, but people often get caught out by not following this number one rule. You should never disclose private information in response to communication that you’re not sure is genuine. If in doubt, always check with an official or talk to your accountant before responding to any request for personal or banking information.
HMRC does issue emails and text messages from time to time, but these messages will never ask for personal details or financial information. If you receive a message asking for such details, never respond, and do not open message links, including those claiming to direct you to a form to process your tax refund.
There have also been reports of HMRC phone call scams too, which often target the vulnerable and elderly. Taxpayers are usually asked to provide bank details under the threat of police involvement if they refuse. HMRC will never do this. If you are unsure of the identity of the caller, do not engage with them and never disclose your personal details.
Rule 2 – Know How HMRC Usually Makes Contact
HMRC has stated that, with regard to tax matters, it will never use emails or text messages to notify taxpayers of tax rebates or penalties, or to request personal or payment information.
This means that any message that purports to be from HMRC will not ask for your information and will only come from a single, official email address.
Scam addresses often closely follow genuine HMRC email addresses, but with slight differences. According to HMRC, the following email addresses are scam emails, and taxpayers should neither visit the website within the email nor disclose personal information to these emails.
These scam emails often use a generic email greeting, such as “Dear Customer”, wherease a legitimate communication from HMRC will most likely use your name. In the same way, if the communication has asked for “urgent action” or similar, you should be wary
HMRC never requests information via social media. If you receive a message on social media asking for information, it will have been sent from a fake HMRC account and you should not respond in any way.
Rule 3 – Never Fill An Online Form Outside The Official Gateway Site
Scam emails will try to take you to an online form, which asks for personal information, such as name, address, date of birth, account number, sort code, card number, card expiry date and card security code etc. They can even generate false tax refund number.
They may look like genuine HMRC communications, but always remember Rule 1 and never disclose personal information in an online form to which you have been directed from a supposed HMRC email.
Rule 4 – Never Download or Open Attachments From An “HMRC” Email
HMRC do not send through attachments or PDFs. Whereas, scam emails may contain a downloadable attachment in PDF format, which taxpayers are encouraged to access in pursuit of a tax refund.
Never download or open the attachment or respond to the email.
Rule 5 – Forward Suspect Messages To HMRC
HMRC guidance asks taxpayers to forward any suspected scam emails, text messages or social media messages they have received to the following address:- firstname.lastname@example.org. Then delete the original email.
Text message scams can also be forwarded to 60599 though these are subject to network charges.
If you have been the victim of a scam, you should report it immediately. Contact the HMRC security team at email@example.com with a brief description of what has been revealed, but do not provide personal details in the email.
If you have suffered financial loss as a result, you should report the incident to Action Fraud.
Any doubts you have about any correspondence, the HMRC phishing team will be able to help you. A list of official government websites and phone numbers can be found here.
The most important rule of all is to remember that if an email doesn’t seem right, or you’re unsure as to the identity of the sender or caller, do not engage or respond, but notify HMRC straight away.