guinine-hmrc-and-phishin

Phishing is the fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords and credit card or bank account details. These emails often include a link to a bogus website encouraging you to enter your personal details.

HMRC have provided a useful record of Genuine HMRC contact and how to recognise phishing emails….

Current list of digital and other contact issued from HM Revenue and Customs (HMRC)

1.1 Marriage Allowance registration and application – email

From Monday 20 April to Friday 29 May 2015 HMRC will be sending out emails to customers who have already registered their interest in Marriage Allowance, inviting them to now apply. Customers will be asked to use the new GOV.UK Verify service before applying. For customers unable to use this new service a contact phone number will be supplied.

Only customers who have registered their interest in claiming Marriage Allowance will receive this email.

1.2 Tax credits – SMS text or voice prompts

HMRC are contacting some tax credit customers by SMS and voice message if the income details they’ve provided to HMRC differs from the information shown on their employer records. From April 2015 to 31 July 2015 tax credit customers who send in their renewal or a new claim will receive an SMS message confirming that HMRC have received their claim, and that it is being processed. Customers may also receive a message to remind them to renew their tax credits claim, these messages will only direct them to the GOV.UK website to renew their claims online.

These messages will not request any personal or financial information. Customers who are required to provide further information will be directed to the official GOV.UK website or an 03000 phone line.

1.3 VAT Mini One Stop Shop (MOSS) – email

From 20 March 2015 HMRC will send emails to customers who registered for VATMOSS.

HMRC will use the email address customers provided for receiving messages about secure communications. These emails never ask you to provide personal or financial information.

HMRC won’t ask customers to disclose any personal or payment information by text or email. HMRC are committed to ensuring the security of customer information.

1.4 Employer alerts – important information for employers

HMRC issue emails several times a year to employers who have registered to receive them. These emails never ask you to provide personal or financial information.

The latest batch of emails issued by HMRC will be sent from Monday 13 April. The emails are titled ‘Important information for employers’ and refer to Employer Bulletin 53 which includes a reminder to make your final submissions for tax year ending 5 April 2015, some top tips for running and reporting your payroll. The emails include links which direct recipients to pages on the GOV.UK website.

1.5 Agents online self-serve email invites

From 13 April 2015, HMRC will be inviting volunteer agents to try the ‘Agents online self-serve private beta service’ for PAYE employer accounts. These emails will contain a link to the service however they will not request personal or financial information.

1.6 Annual tax summary – email alerts

HMRC Self Assessment team are issuing email alerts to some customers advising that their annual tax summary is available to view. These are titled ‘How your tax and National Insurance is spent’. The emails explain what is contained within the annual summary.

1.7 Self Assessment – email reminders

If you haven’t sent in your Self Assessment tax return, or you owe any Self Assessment tax, you might get an email reminder from HMRC. This year, HMRC will send email reminders for the tax return and payment deadline of 31 January 2015. This will begin from 16 January 2015.

Additionally, if you’ve opted to get digital instead of paper contact for Self Assessment, you’ll get email alerts from HMRC. They’ll not ask you for any personal or financial information.

HMRC will send you 2 types of email:

  • verification that your email address works, this is sent immediately after you’ve signed up to the message service
  • telling you when there’s a new message for you

If you have any delay in getting the verification email, or you aren’t sure about its origins,log into HMRC Online Services and ask for a new verification email. Any other reminder messages won’t contain any personal information or links to login pages.

If you make any changes to your email address, you’ll get a new verification email but you’ll also get an email to your old account to confirm the change has happened.

1.8 PAYE notices and reminders

If you’ve set up email reminders and notifications using one of the options available inHMRC’s PAYE Online Service you’ll automatically get sent an email when there’s something new for you to view.

HMRC has also started to send electronic reminders if you don’t send your payroll submissions on time, or you’re late making payments to HMRC. These contain messages to help you put processes in place so that you can pay and file on time – before new in-year penalties start in April 2014. You can read more about using PAYE Online for employers.

You may also receive email warning notices if HMRC hold records for you, and where you have yet to submit any PAYE reports to HMRC in real time. These messages will inform the employer that they need to act now to avoid incurring penalties, and they should either advise HMRC if they no longer employ anyone, or start reporting in real time.

These emails will not ask you for any personal or financial information.

1.9 Educational emails

HMRC will periodically send emails to customers to support their business life events. The emails will include links to relevant online digital education material used to offer you help in relation to your business and will appear in your address bar as no-reply@hmrc.gov.uk. These emails will never ask you to provide personal or financial information.

 

How to tell if an email is fraudulent

As well as spelling mistakes and poor grammar, there are a number of things you can look out for to help you recognise a phishing/bogus email.

2.1 Incorrect ‘From’ address

Look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Fraudsters often have email accounts with HMRC or revenue names in them (such as ‘refunds@hmrc.org.uk’). These email addresses are used to mislead you.

However be aware, fraudsters can falsify (spoof) the ‘from’ address to look like a legitimate HMRC address (for example ‘@hmrc.gov.uk’).

Examples of phishing and bogus emails

2.2 Personal information

HMRC will never:

  • send notifications of a tax rebate by email
  • ask you to disclose personal or payment information by email

2.3 Urgent action required

Fraudsters want you to act immediately. Be wary of emails containing phrases like ‘you only have 3 days to reply’ or ‘urgent action required’.

2.4 Bogus websites

Fraudsters often include links to webpages that look like the homepage of the HMRCwebsite. This is to trick you into disclosing personal/confidential information. Just because the page may look genuine, does not mean it is. Bogus webpages often contain links to banks/building societies, or display fields and boxes requesting your personal information such as passwords, credit card or bank account details.

You should be aware that fraudsters sometimes include genuine links to HMRC web pages in their emails, this is to try and make their emails appear genuine.

2.5 Common greeting

Fraudsters often send high volumes of phishing emails in one go so even though they may have your email address, they seldom have your name. Be cautious of emails sent with a generic greeting such as ‘Dear Customer’.

2.6 Attachments

Be cautious of attachments as these could contain viruses designed to steal your personal information.

If you have received a phishing/bogus email related to HMRC, or you’re not sure if it’s genuine, you can read about how to report internet scams and phishing to HMRC.

 

Content copyright HMRC – original source details can be found here