/ Money

Scam watch: ‘HMRC’ phishing emails

Email phishing scam

Have you ever received an email claiming to be from HM Revenue & Customs (HMRC) offering you a tax rebate? Julia did and she almost fell for it…

Julia told us: I received an email from HMRC saying it had identified an error in the calculation of my tax, resulting in an overpayment of £1,400. It then asked me to click on a ‘Refund me now’ link to claim my payment.

As much as I was excited about the prospect of such a large rebate, I thought it sounded a bit too good to be true. So I looked for all the common signs of a phishing email. It was from a genuine-looking ‘no-reply@hmrc.gov.uk’ and looked like other emails I have received from HMRC. It also included other links on the right-hand side. I tested a few out and they all went through to the HMRC website.

However, I was still suspicious so contacted HMRC, which confirmed it was a scam – albeit a clever one that almost fooled me.

How to avoid ‘HMRC’ email scams

HMRC scam emailWe say: You were right to be wary. HMRC has confirmed that it will never send notifications of a tax refund or ask you to disclose personal or payment information by email. If you are suspicious of an email purporting to be from HMRC, forward it to its specialist team to investigate at phishing@hmrc.gsi.gov.uk.

It’s a widespread issue – 40% of respondents in our survey of 2,016 UK adults in January 2015 had received a phishing email claiming to be from HMRC in the past two years. Incidents are more common around the annual tax deadlines.

HMRC scam emails can take several forms, such as saying you’ve made a mistake on your self-assessment form or that your tax notice has been issued. Some even ask you to verify your identity by providing a copy of your passport!

We have more advice on how to avoid tax scams on our Consumer Rights website – have you encountered one of them?

b foster says:
28 March 2015

I received an email from a so called 51 year old lady in California who said she, through a particular solicitor had reclaimed 1.5 million dollars advising me to send 500 dollars to him and he would get my claim for me. I don’t have a claim and was not sure who to forward this scam to so I deleted it as I do with all of these emails.


Advance fee fraud, commonly known as a 419 scam, is one of the most prevalent and widely known scams on the internet. The number 419 refers to the article of the Nigerian criminal code dealing with this type of fraud, as the practice originated in Nigeria but has since been adopted by criminals in many other countries.

Never send money in advance in order to receive money back. If expenses are needed to process a payment due to you, in a genuine scenario those expenses would be funded directly from the money due to you.


I don’t understand why people are so trusting of the sender’s e-mail address. In the same way that the sender can write any postal address at the top of a letter, the sender of an e-mail can enter any sender’s e-mail address. Any e-mail software, e.g. Microsoft Outlook or Windows Mail, allows you to edit the sender’s address to be whatever you want.

Mrs Janet King says:
28 March 2015

Received email from DVLA say had paid too much and refund was due
Looked genuine but was curious as car tax not due for renewal until June 2015 and had not changed my car so deleted


I received an HMRC scam email re a tax rebate, but I thought, “aye, right, as if!”, and I deleted it. I know people who have received tax rebates, but never through emails and not very often as a surprise. I also thought that if this was genuine HMRC would get in touch with me by other means if they couldn’t get hold of me by email (maybe I’m naïve?).

Lynn says:
29 March 2015

Ditto Sophie, I have had several email’s telling me of rebates due, I have reported them as scams then delete them and they just go to my spam box now. I thought everyone knew this was a scam now. HMRC have posted this on media sites and reported this on the news. I can’t see how we can expect them to do any more.


While we’re on the subject of deceptive e-mails, it seems that consumers are not the only people to be taken in. A prisoner at Wandsworth prison sent an e-mail to the prison, which appeared to come from the court, instructing the prison to release him on bail; it worked. It was reported by the media yesterday:





Although I appreciate this is a serious matter, hats off to the guy. This would have made one of the best April fools ever. He should be employed by HMCTS to combat security breaches… after serving the time he must.


Yes, even the judge described him as “ingenious”. However, the prison staff were quite the opposite of ingenious for falling for it, particularly as they should have know the nature of the offences for which he was on remand.