/ Home & Energy, Money

Update: We busted another council tax refund scam


You’ve received a text or email from ‘HMRC’ telling you you’re due a tax refund. It may look legitimate, but chances are it’s a scam.

When my colleague, Mark Harrison, received a text from ‘govuk’ telling him he’d been overcharged council tax for the last two years and was owed a £482.50 refund his suspicions were aroused.

Mark explained that:

‘On first glance I thought the message could be genuine – April’s a period of tax changes, and to be honest I wanted to think I was owed all this money!

Scam text

‘It was when I saw the web address that I smelled a rat – it didn’t add up that HMRC would use a .co.uk and not a .gov.uk website. I clicked the link, and at a glance it looked completely legitimate, especially with the HM Revenue and Customs logo in the corner.

HMRC Refund Form

‘My fears were confirmed when they asked for far more details than they needed for a refund  – like the CVC number from my debit card, and there were also spelling mistakes on the website.’

A little digging revealed that this dodgy site had been set up earlier that day. So we got straight on to HM Revenue & Customs (HMRC) who confirmed it was a scam.

Update: 19 October 2016

Which? has busted another tax refund scam and reported the scam site to HMRC for it to be taken down.

The scam presents itself with three steps to swipe your details. First an email informing the recipient that they are due a tax refund. To access said tax refund the recipient of the email must click on the ‘refund’ link.

HMRC scam

The link takes you through to a what appears to be a security requirement page which appears to gather your email account password before sending you to the mocked up scam ‘HMRC’ phishing page.

Security details scam

Spotting a tax scam

HMRC told us that council issues are handled by each council itself and not centrally by HMRC. So if you are contacted by anyone purporting to be from HMRC about your council tax, you should smell a rat.

The offending website has now been taken down. But spotting a scam like this isn’t always easy.

HMRC told us that a text or email from them will never:

  • Notify you of a tax rebate.
  • Offer you a repayment.
  • Request personal information such as full address, postcode, Unique Taxpayer Reference or bank account details.
  • Give a non HMRC personal email address to send a response to.
  • Ask for financial information such as specific figures or tax computations, unless you’ve given prior consent and you’ve formally accepted the risks.
  • Send attachments, unless you’ve given prior consent and you’ve formally accepted the risks.
  • Provide a link to a secure log-in page or a form asking for information – instead you’ll be asked to log on to your online account.

Reporting a suspicious text or email

Unfortunately, there’s no way of knowing if there are any more sites like this one. So if you receive a text or email linking to a suspicious looking site then please let us know.

HMRC regularly highlights their own guidance on avoiding these scams through social media, their website and other communications channels. But you can also assist their investigations by sending the details of fraudulent text messages via email to phishing@hmrc.gsi.gov.uk.

If you ‘re worried that you’ve shared personal information with a scammer then our guide on identity theft can take you through the next steps for taking action, or you can follow our advice on what to do if you’ve given a fraudster your bank details.

Steve says:
4 May 2016

Not had a problem so far but banks encourage internet use and should do more to protect customers

Robin Watts says:
4 May 2016

We are now in the 21st Century yet Westminster behave as though nothing has changed since Canute. Neither they or the police seem to have the will to prevent fraud. I’m continually getting cold calls from people wanting to get onto my computer who claim to be from Microsoft, this has been going on now for some 8 years. We are in desperate need to tighten up laws to protect us the public from this everyday threat, what we need is both MP’s and police who are educated for proper response not the present thicko’s who inhabit Westminster i.e. sort it or go. Perhaps appropriate life sentences should be given rather than slapped wrists to act as a proper deterrent.

Dave says:
4 May 2016

Robin, you’ll be doing time in The Tower with comments like, ‘Thicko’s who inhabit Westminster!’ Save me a place will you? lol 🙂

Tania says:
4 May 2016

Twice in the last week. One posing as an American couple from Wisconcin and in need of a Private PA, got my details from a very well known and global job site. I thankfully averted but he was after money in the long run and the second on the very dubious gumtree where I’m trying to sell my bike. Posed as disabled and would send a courier. Turned out he was posting from UAE and of course, wanted money for the courier. Gumtree is a scam minefield and so is Paypal. This last scam caused me to delete my Paypal account. Sick and tired of it. I have to say though, the fake Paypal emails were very slick indeed and one has to check very carefully to spot the scam and fake details.

robert poole says:
4 May 2016

I recently upgraded my virgin account and have been bombarded with scams telling me my account with virgin was about to be closed and to follow their link.
I have complained to virgin that someone was selling information to scamers this of course was denied it had come from there it was just a coincidence.

Louise says:
4 May 2016

I had exactly the same problem, luckily I ignored them but it was not coincidence there must certainly be a link.

Annette says:
4 May 2016

I was having bad issues with my hotmail account and unable to get help, so looked on facebook for a hotmail page, Found one, rang the number and the cvhap got into my computer and saiod I had many bugs in the email account and he could protect it for 3 months at £99.00 or a year for £170 something or a 3 monthly thing. Asked for my card details and then I realised what a fool I had been and I called them back and cancelled the transaction saying it was a scam. Guy wasn’t too happy of course and bunged the phone down on me.
Luckily I got away with it, and no money came out or since.

I’ve had a similar experience before so you;d have thought I wouldn’t have fallen for it again, but I really thought it was a genuine hotmail support.
I’ve also had someone hack my amazon account before Xmas last year and amazon weas useless and it never even got reported to their fraud dept. I was lucky again as I managed to cancel the order for amazon prime and £342. worth of playstation as my credit card people were on to it soon.
Amazon customer service did eventually tell me how to avoid it happening again and that was to remove my card details each time I used the site. As they had no 3d secure extra password window from your bank, which I think is most important.

Ian says:
4 May 2016

I have received several emails scams purporting to be from Paypal. I knew they were false as they put ‘Dear Customer’ instead of my name. I reported one to Paypal and they confirmed it was not from them. However nothing has happened to stop them. Where are they getting these email addresses from!