/ Home & Energy, Money

Update: We busted another council tax refund scam


You’ve received a text or email from ‘HMRC’ telling you you’re due a tax refund. It may look legitimate, but chances are it’s a scam.

When my colleague, Mark Harrison, received a text from ‘govuk’ telling him he’d been overcharged council tax for the last two years and was owed a £482.50 refund his suspicions were aroused.

Mark explained that:

‘On first glance I thought the message could be genuine – April’s a period of tax changes, and to be honest I wanted to think I was owed all this money!

Scam text

‘It was when I saw the web address that I smelled a rat – it didn’t add up that HMRC would use a .co.uk and not a .gov.uk website. I clicked the link, and at a glance it looked completely legitimate, especially with the HM Revenue and Customs logo in the corner.

HMRC Refund Form

‘My fears were confirmed when they asked for far more details than they needed for a refund  – like the CVC number from my debit card, and there were also spelling mistakes on the website.’

A little digging revealed that this dodgy site had been set up earlier that day. So we got straight on to HM Revenue & Customs (HMRC) who confirmed it was a scam.

Update: 19 October 2016

Which? has busted another tax refund scam and reported the scam site to HMRC for it to be taken down.

The scam presents itself with three steps to swipe your details. First an email informing the recipient that they are due a tax refund. To access said tax refund the recipient of the email must click on the ‘refund’ link.

HMRC scam

The link takes you through to a what appears to be a security requirement page which appears to gather your email account password before sending you to the mocked up scam ‘HMRC’ phishing page.

Security details scam

Spotting a tax scam

HMRC told us that council issues are handled by each council itself and not centrally by HMRC. So if you are contacted by anyone purporting to be from HMRC about your council tax, you should smell a rat.

The offending website has now been taken down. But spotting a scam like this isn’t always easy.

HMRC told us that a text or email from them will never:

  • Notify you of a tax rebate.
  • Offer you a repayment.
  • Request personal information such as full address, postcode, Unique Taxpayer Reference or bank account details.
  • Give a non HMRC personal email address to send a response to.
  • Ask for financial information such as specific figures or tax computations, unless you’ve given prior consent and you’ve formally accepted the risks.
  • Send attachments, unless you’ve given prior consent and you’ve formally accepted the risks.
  • Provide a link to a secure log-in page or a form asking for information – instead you’ll be asked to log on to your online account.

Reporting a suspicious text or email

Unfortunately, there’s no way of knowing if there are any more sites like this one. So if you receive a text or email linking to a suspicious looking site then please let us know.

HMRC regularly highlights their own guidance on avoiding these scams through social media, their website and other communications channels. But you can also assist their investigations by sending the details of fraudulent text messages via email to phishing@hmrc.gsi.gov.uk.

If you ‘re worried that you’ve shared personal information with a scammer then our guide on identity theft can take you through the next steps for taking action, or you can follow our advice on what to do if you’ve given a fraudster your bank details.

Steve says:
4 May 2016

Not had a problem so far but banks encourage internet use and should do more to protect customers

Robin Watts says:
4 May 2016

We are now in the 21st Century yet Westminster behave as though nothing has changed since Canute. Neither they or the police seem to have the will to prevent fraud. I’m continually getting cold calls from people wanting to get onto my computer who claim to be from Microsoft, this has been going on now for some 8 years. We are in desperate need to tighten up laws to protect us the public from this everyday threat, what we need is both MP’s and police who are educated for proper response not the present thicko’s who inhabit Westminster i.e. sort it or go. Perhaps appropriate life sentences should be given rather than slapped wrists to act as a proper deterrent.

Dave says:
4 May 2016

Robin, you’ll be doing time in The Tower with comments like, ‘Thicko’s who inhabit Westminster!’ Save me a place will you? lol 🙂

Tania says:
4 May 2016

Twice in the last week. One posing as an American couple from Wisconcin and in need of a Private PA, got my details from a very well known and global job site. I thankfully averted but he was after money in the long run and the second on the very dubious gumtree where I’m trying to sell my bike. Posed as disabled and would send a courier. Turned out he was posting from UAE and of course, wanted money for the courier. Gumtree is a scam minefield and so is Paypal. This last scam caused me to delete my Paypal account. Sick and tired of it. I have to say though, the fake Paypal emails were very slick indeed and one has to check very carefully to spot the scam and fake details.

robert poole says:
4 May 2016

I recently upgraded my virgin account and have been bombarded with scams telling me my account with virgin was about to be closed and to follow their link.
I have complained to virgin that someone was selling information to scamers this of course was denied it had come from there it was just a coincidence.

Louise says:
4 May 2016

I had exactly the same problem, luckily I ignored them but it was not coincidence there must certainly be a link.

Annette says:
4 May 2016

I was having bad issues with my hotmail account and unable to get help, so looked on facebook for a hotmail page, Found one, rang the number and the cvhap got into my computer and saiod I had many bugs in the email account and he could protect it for 3 months at £99.00 or a year for £170 something or a 3 monthly thing. Asked for my card details and then I realised what a fool I had been and I called them back and cancelled the transaction saying it was a scam. Guy wasn’t too happy of course and bunged the phone down on me.
Luckily I got away with it, and no money came out or since.

I’ve had a similar experience before so you;d have thought I wouldn’t have fallen for it again, but I really thought it was a genuine hotmail support.
I’ve also had someone hack my amazon account before Xmas last year and amazon weas useless and it never even got reported to their fraud dept. I was lucky again as I managed to cancel the order for amazon prime and £342. worth of playstation as my credit card people were on to it soon.
Amazon customer service did eventually tell me how to avoid it happening again and that was to remove my card details each time I used the site. As they had no 3d secure extra password window from your bank, which I think is most important.

Ian says:
4 May 2016

I have received several emails scams purporting to be from Paypal. I knew they were false as they put ‘Dear Customer’ instead of my name. I reported one to Paypal and they confirmed it was not from them. However nothing has happened to stop them. Where are they getting these email addresses from!

Chantal says:
4 May 2016

My husband experienced the same problem with government website for renewing his driving licence. Government apparently warned people about the scam, but why didn’t they do something about it? We did get the money back eventually but it was long winded

Johnathan Kemp says:
4 May 2016

I recently paid an excess fee on an insurance claim by phone, using a credit card that I rarely use. Within 24 hours someone had used my card details to book two trips by uber and to purchase a pair of designer sunglasses. Luckily my building society spotted the activity and contacted me, so no money was lost.
I frequently get phone calls from “the windows operating system phoning about my computer”, these scammers have been calling for years now. It is well past time that responsibility for scams is passed to those who allow their message to be transmitted. When I contacted my telephone provider re the “windows” phone calls they were not interested. They are happy to charge for caller identification though. Phone and internet providers should be required to provide call and email blocking as part of the basic package.

Shahin says:
4 May 2016

I recently was a victim of sophisticated scam in my own home, the scammer was from India.
I reported to the fraud team of Met police and they was helpless and advised me to get internet security which I already have spent so much money on. Any security did not stop the scammer from remotely accessing my computer and stealing all my data, financial record crashing my computer with virus and transferring money from my back account to india.
I was able to give all these information to the police but they seems to have a laugh about it.
I find it ridiculous that the government put a blind eye to these issue unless it was the banks then the government will take public money to save the greedy banks while public has constantly suffered last 2 decades from a government that seem to advocate loss of public to capitalise as much money as possible. Also the government is obsessed with arresting Edward Snowden for making the public more safe. Also as far as I am concerned now there might be other people in India with my detail creating fake identity and there is nothing I can do.

[This comment has been tweaked to align with our Community Guidelines. Thanks, mods]

Terry says:
4 May 2016

I have dealt with Paypal and recently tried to cancel my account with them. They are a damned hard company to contact. I managed to unsubscribe, but that is all. I have never found them to be a fraudulent company, but find that that they constantly pester me to make more purchases
So I have recently cancelled all my credit cards, ensuring that I am now unable to make online purchases.
I do not make online purchases anymore. SORTED!


One piece of advice is, if “your bank” contacts you (phone or email) and asks you to get back to them NEVER use the link or phone number they quote, go to the bank’s genuine web site (google it is you don’t have it to hand or use a bank statement) and contact them via that.
Use a different phone (mobile) if you have one, or at least make sure you get a dial tone before dialing.
Web addresses, phone numbers and email addresses could easily be fakes and the person who answers a scammer. If it sounds the least bit suspicious or there’s some “hurry up” inducement check with the genuine company,