You’ve received a text or email from ‘HMRC’ telling you you’re due a tax refund. It may look legitimate, but chances are it’s a scam.
When my colleague, Mark Harrison, received a text from ‘govuk’ telling him he’d been overcharged council tax for the last two years and was owed a £482.50 refund, his suspicions were aroused.
Mark explained that:
‘On first glance I thought the message could be genuine – April’s a period of tax changes, and to be honest I wanted to think I was owed all this money!
‘It was when I saw the web address that I smelled a rat – it didn’t add up that HMRC would use a .co.uk and not a .gov.uk website. I clicked the link, and at a glance it looked completely legitimate, especially with the HM Revenue and Customs logo in the corner.
‘My fears were confirmed when they asked for far more details than they needed for a refund – like the CVC number from my debit card, and there were also spelling mistakes on the website.’
A little digging revealed that this dodgy site had been set up earlier that day. So we got straight on to HM Revenue & Customs (HMRC), who confirmed it was a scam.
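The web-address check that gave this scam away can be automated. The sketch below is an added example, not code from Which? or HMRC, and its function names and sample links are constructed for illustration; it tests whether the host a link really points at sits under .gov.uk, rather than merely containing that text.

```python
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "gov.uk"  # UK government sites sit under this domain


def link_host(url):
    """Return the lower-cased host a browser would contact, or None."""
    if "://" not in url:
        url = "http://" + url  # links in texts often omit the scheme
    try:
        host = urlsplit(url).hostname  # drops any 'user@' prefix and ':port'
    except ValueError:
        return None  # malformed link: treat as untrusted
    return host.rstrip(".").lower() if host else None


def is_gov_uk(url):
    """True only if the host is gov.uk itself or a subdomain of it."""
    host = link_host(url)
    if not host:
        return False
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)


# Constructed sample links (not taken from the scam described above).
SAMPLE_LINKS = [
    "https://www.gov.uk/council-tax",                    # genuine form
    "www.tax.service.gov.uk/account",                    # genuine, no scheme
    "https://tax-refund.example.co.uk/hmrc",             # .co.uk, not .gov.uk
    "https://www.gov.uk.tax-refund.example.co.uk/",      # gov.uk only as a prefix
    "https://www.gov.uk@tax-refund.example.co.uk/claim", # gov.uk as a fake username
    "https://hmrc-gov.uk/refund",                        # hyphen, not a subdomain
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict = "under .gov.uk" if is_gov_uk(link) else "NOT .gov.uk"
        print(f"{verdict:14} {link_host(link)}  <-  {link}")
```

A link that passes this check only points at a .gov.uk host; it says nothing about whether the message that carried it is genuine.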
Update: 19 October 2016
Which? has busted another tax refund scam and reported the scam site to HMRC for it to be taken down.
The scam uses three steps to swipe your details. First, an email informs the recipient that they are due a tax refund. To access said tax refund, the recipient must click on the ‘refund’ link.
The link takes you through to what appears to be a security requirement page, which appears to gather your email account password, before sending you on to the mocked-up scam ‘HMRC’ phishing page.
Spotting a tax scam
HMRC told us that council issues are handled by each council itself and not centrally by HMRC. So if you are contacted by anyone purporting to be from HMRC about your council tax, you should smell a rat.
The offending website has now been taken down. But spotting a scam like this isn’t always easy.
HMRC told us that a text or email from them will never:
- Notify you of a tax rebate.
- Offer you a repayment.
- Request personal information such as full address, postcode, Unique Taxpayer Reference or bank account details.
- Give a non-HMRC personal email address to send a response to.
- Ask for financial information such as specific figures or tax computations, unless you’ve given prior consent and you’ve formally accepted the risks.
- Send attachments, unless you’ve given prior consent and you’ve formally accepted the risks.
- Provide a link to a secure log-in page or a form asking for information – instead you’ll be asked to log on to your online account.
Reporting a suspicious text or email
Unfortunately, there’s no way of knowing if there are any more sites like this one. So if you receive a text or email linking to a suspicious-looking site, then please let us know.
HMRC regularly highlights their own guidance on avoiding these scams through social media, their website and other communications channels. But you can also assist their investigations by sending the details of fraudulent text messages via email to email@example.com.
If you’re worried that you’ve shared personal information with a scammer, then our guide on identity theft can take you through the next steps for taking action, or you can follow our advice on what to do if you’ve given a fraudster your bank details.