Contact from HMRC is genuine or phishing?

How to recognise when contact from HMRC is genuine and recognise phishing or bogus emails and text messages. 

As well as spelling mistakes and poor grammar, there are a number of things you can look out for to help you recognise a phishing or bogus email.

Incorrect ‘from’ address

Look out for a sender’s email address that is similar to, but not the same as, HMRC’s such as ‘’

Personal information

Emails from HMRC will never:

  • notify you of a tax rebate
  • offer you a repayment
  • ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account

Urgent action required

Fraudsters ask for immediate action such as ‘you only have 3 days to reply’ or ‘urgent action required’.

Bogus websites

Fraudsters often include links to webpages that look like the homepage of the HMRC website to trick you into disclosing personal or confidential information. Just because the page may look genuine, does not mean it is.

Bogus webpages often contain links to banks or building societies, or display fields and boxes requesting your personal information.

Common greeting

Fraudsters often send high volumes of phishing emails in one go, so even though they may have your email address, they seldom have your name. Emails from HMRC will:

  • usually use the preferred name you’ve provided 
  • include information on how to report phishing emails 


Be cautious of attachments as these could contain viruses designed to steal your personal information.

For more information visit here.


October 12, 2018


Louisa Holt