/ Money

Scam watch: ‘HMRC’ phishing emails

Email phishing scam

Have you ever received an email claiming to be from HM Revenue & Customs (HMRC) offering you a tax rebate? Julia did and she almost fell for it…

Julia told us: I received an email from HMRC saying it had identified an error in the calculation of my tax, resulting in an overpayment of £1,400. It then asked me to click on a ‘Refund me now’ link to claim my payment.

As much as I was excited about the prospect of such a large rebate, I thought it sounded a bit too good to be true. So I looked for all the common signs of a phishing email. It was from a genuine-looking ‘no-reply@hmrc.gov.uk’ and looked like other emails I have received from HMRC. It also included other links on the right-hand side. I tested a few out and they all went through to the HMRC website.

However, I was still suspicious so contacted HMRC, which confirmed it was a scam – albeit a clever one that almost fooled me.

How to avoid ‘HMRC’ email scams

HMRC scam emailWe say: You were right to be wary. HMRC has confirmed that it will never send notifications of a tax refund or ask you to disclose personal or payment information by email. If you are suspicious of an email purporting to be from HMRC, forward it to its specialist team to investigate at phishing@hmrc.gsi.gov.uk.

It’s a widespread issue – 40% of respondents in our survey of 2,016 UK adults in January 2015 had received a phishing email claiming to be from HMRC in the past two years. Incidents are more common around the annual tax deadlines.

HMRC scam emails can take several forms, such as saying you’ve made a mistake on your self-assessment form or that your tax notice has been issued. Some even ask you to verify your identity by providing a copy of your passport!

We have more advice on how to avoid tax scams on our Consumer Rights website – have you encountered one of them?

b foster says:
28 March 2015

I received an email from a so called 51 year old lady in California who said she, through a particular solicitor had reclaimed 1.5 million dollars advising me to send 500 dollars to him and he would get my claim for me. I don’t have a claim and was not sure who to forward this scam to so I deleted it as I do with all of these emails.

Advance fee fraud, commonly known as a 419 scam, is one of the most prevalent and widely known scams on the internet. The number 419 refers to the article of the Nigerian criminal code dealing with this type of fraud, as the practice originated in Nigeria but has since been adopted by criminals in many other countries.

Never send money in advance in order to receive money back. If expenses are needed to process a payment due to you, in a genuine scenario those expenses would be funded directly from the money due to you.

I don’t understand why people are so trusting of the sender’s e-mail address. In the same way that the sender can write any postal address at the top of a letter, the sender of an e-mail can enter any sender’s e-mail address. Any e-mail software, e.g. Microsoft Outlook or Windows Mail, allows you to edit the sender’s address to be whatever you want.

Mrs Janet King says:
28 March 2015

Received email from DVLA say had paid too much and refund was due
Looked genuine but was curious as car tax not due for renewal until June 2015 and had not changed my car so deleted

I received an HMRC scam email re a tax rebate, but I thought, “aye, right, as if!”, and I deleted it. I know people who have received tax rebates, but never through emails and not very often as a surprise. I also thought that if this was genuine HMRC would get in touch with me by other means if they couldn’t get hold of me by email (maybe I’m naïve?).

Lynn says:
29 March 2015

Ditto Sophie, I have had several email’s telling me of rebates due, I have reported them as scams then delete them and they just go to my spam box now. I thought everyone knew this was a scam now. HMRC have posted this on media sites and reported this on the news. I can’t see how we can expect them to do any more.

While we’re on the subject of deceptive e-mails, it seems that consumers are not the only people to be taken in. A prisoner at Wandsworth prison sent an e-mail to the prison, which appeared to come from the court, instructing the prison to release him on bail; it worked. It was reported by the media yesterday:




Although I appreciate this is a serious matter, hats off to the guy. This would have made one of the best April fools ever. He should be employed by HMCTS to combat security breaches… after serving the time he must.

Yes, even the judge described him as “ingenious”. However, the prison staff were quite the opposite of ingenious for falling for it, particularly as they should have know the nature of the offences for which he was on remand.

It reinforces your previous point that people naively trust e-mail addresses. Apparently it wasn’t the actual Court address that was used on the fake e-mail but one like it. I expect a head is rolling in that gaol now [metaphorically I mean].

Shiv Mohindra says:
21 April 2015

What happend here I do not fully understand

I think all the banks and HMRC etc should have an email address that all scam emails that use their name could be forwarded to so that they could deal with them.

Some of the banks do have such a system, but the banks are largely powerless to solve the problem. The phishing web sites that victims are encouraged to visit are usually hosted on compromised PCs in jurisdictions with poor law enforcement. By the time that the authorities can shut down the site, the scammers have already moved on to another compromised PC. Shutting down domain names or sub-domains can be an effective course of action, but not always effective.

I believe that the banks and other organisations could do a lot more to help people avoid email scams. For many years I have been forwarded emails where friends have been suspicious of emails. In almost all cases it was very easy to find other reports of the scam and send an appropriate link to my contact.

Why cannot the organisations offer some online support to everyone who is concerned about a possible scam? If users are told to copy/paste some of the text into a web search, they can easily identify most scams for themselves, but providing an email address for notification of scams is essential in my opinion.

I get very few phishing scams these days. Whether that is because of a tightening-up of internet security and scam-blocking on my PC, or whether it has fallen out of favour as a crime, I don’t know. Certainly any that do appear are desperate and pathetic attempts and I am surprised they fool anybody.

I recently received a tax refund from HMRC following some notice of coding adjustments. In the first place revised NoC’s are issued, so you know something is happening. Then they send you a letter to say that they owe you a refund for over-payment of tax and that a cheque is on its way, and then finally a cheque arrives as a separate letter. There has been no e-mail traffic whatsoever, and unless they have picked it off my letterhead on correspondence I don’t think HMRC even have a permanent record of my e-mail address [the last self-assessment tax return I made was on paper].

Lynn says:
29 March 2015

I agree with you John, I am also surprised that they would fool anyone. I do still get the odd one from African countries trying to get me to do a bit of money laundering for them. I tend to think if you expect something for nothing that is what you will get.

I do also get the odd one from banks and paypal saying my account has a problem and they will freeze it unless I contact them, usually it is banks I do not use. My own bank always warns that they will not contact you this way and what information they will ask for and always stress they will never ask for a password.

So again I agree, why are people still falling for these scams?

I would like to know what percentage of the population have been victim of a phishing scam of any type. It would also be interesting to know whether people have been caught out more than once or whether the experience has helped to make them aware of the problem.

It would be a great help if genuine emails did not contain links or phone numbers. If there is need for contact we could be advised to search for the relevant website. In the case of a government website, we should be advised that the genuine website will have GOV in the address. It might be worth having a reference number in the email since this could help trace the correspondence – and if there is a scam it will mean nothing.

I have never been victim of a scam but I may have ignored important emails. 🙁

I think in 25 years I have never had an e-mail from a bank or HMRC or savings or investment organisation containing any personal information or data or on a matter requiring my attention [as opposed to marketing material]. I think it is safe to delete anything from such organisations, along with anything that purports to come from them, and you’ll be no worse off.

That’s encouraging John. I had not paid enough attention to the emails to be sure of this.

Who needs an outsider for HMRC scamming?
As result of being abroad (posted to Camp Bastion) my son did not know that his 2012/13 self-employed return ‘had not been received’ and the late return fined accrued to over £1000. When they finally acknowledged receipt of the return he was owed £34+ he had overpaid. The HMRC refused to cancel the fines.
Overpaying HMRC can result in the scam fine over £1000.

The real give away to the HMRC scam is the co. cz? web address, but you don’t spell refundE! with an e, as it was on my refund application.

I also received the following email. I nearly was taken in as I had submitted a self-assessment tax form about 10 days earlier! Fortunately I checked and didn’t ‘click refund’, and have forwarded this email to HMRC phishing email address. The give away was that the email originated from a personal hotmail account

Subject: Tax refund application
From: Victoria Henry
Sent: Tuesday, 11 October 2016 13:05
HM Revenue & Customs


New Tax Calculation
We have determined that you are eligible to receive a tax refund of 198.47 GBP.

Please Click Refund and submit the tax refund request.
Note : A refund can be delayed a variety of reasons, for example submitting invalid records or applying after deadline..

HMRC FoI Act Team
Room E3/85
152 Parliament Street

About two years ago I had an HMCR email saying I was due a refund. Luckily I had three ‘alerts’: It was addressed to my email (not personal name), the post code wasn’t written correctly and I have an accountant who would have told me of an overpayment.