How to recognise when contact from HMRC is genuine and recognise phishing or bogus emails and text messages.
As well as spelling mistakes and poor grammar, there are a number of things you can look out for to help you recognise a phishing or bogus email.
Incorrect ‘from’ address
Look out for a sender’s email address that is similar to, but not the same as, HMRC’s such as ‘refunds@hmrc.org.uk’
Personal information
Emails from HMRC will never:
- notify you of a tax rebate
- offer you a repayment
- ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account
Urgent action required
Fraudsters ask for immediate action such as ‘you only have 3 days to reply’ or ‘urgent action required’.
Bogus websites
Fraudsters often include links to webpages that look like the homepage of the HMRC website to trick you into disclosing personal or confidential information. Just because the page may look genuine, does not mean it is.
Bogus webpages often contain links to banks or building societies, or display fields and boxes requesting your personal information.
Common greeting
Fraudsters often send high volumes of phishing emails in one go, so even though they may have your email address, they seldom have your name. Emails from HMRC will:
- usually use the preferred name you’ve provided
- include information on how to report phishing emails
Attachments
Be cautious of attachments as these could contain viruses designed to steal your personal information.
For more information visit here.