Sure as night follows day, every year (shortly after personal tax season) inboxes across the country are accosted by a huge influx of tax refund emails appearing to originate from HMRC. As many of you will know, these emails are actually from nefarious scammers attempting to grab your bank or card details through increasingly complex phishing scams.
The scam plays out like this – shortly after the end of January (when most people file their Self Assessment) you’ll receive an email ostensibly from HMRC’s personal tax team, informing you of a refund you are eligible to receive. It will direct you to an external website or to download and fill out a form in order to receive your refund. Of course, what you’re actually doing is passing all this sensitive information onto criminals, who will then use it to defraud you.
As with all scams, there are little clues that betray its inauthenticity along the way. Small formatting or spelling mistakes, wonky security certificates, or unrecognised characters in the text. However these mistakes are easy to overlook when you’re excitedly trying to claim the £500 you believe you’re owed.
How to recognise scam emails
The first and most important thing to remember about emails from HMRC is this –
HMRC will never tell you about a tax rebate, or ask you to disclose personal or payment information, by email http://t.co/iY4qX6Fw7Y
— HM Revenue & Customs (@HMRCgovuk) November 6, 2013
So any email purporting to be from HMRC can be instantly disregarded. If you are owed a tax refund you will be notified via post.
Other telltale signs that these emails are not legitimate:
- Most filters will catch them and automatically relegate them to your spam folder
- The addressee field is often blank, indicating these emails have been bulk BCC’d to many people (a good indicator for any kind of spam)
- The email does not address you by name, possibly indicating the address has been scraped from a public website
- The form asks for far too much information (Mother’s maiden name, Driving License number, Verified by Visa password etc.)
For the more technically inclined, we dove into the code of a phishing email we received recently and found that, once the Submit button is clicked, the information is actually sent to a Russian website (this one – click at your own risk).
Most of the emails follow a fairly recognisable pattern. The text is usually something along these lines –
RECALCULATION OF YOUR TAX REFUND
LOCAL OFFICE No. 3819
TAX CREDIT OFFICER: Kevin Paul Burrow
TAX REFUND ID NUMBER: 384116214
REFUND AMOUNT: 244.79 GBP
The contents of this email and any attachments are confidential and as applicable, copyright in these is reserved to HM Revenue & Customs. Unless expressly authorised by us, any further dissemination or distribution of this email or its attachments is prohibited.
If you are not the intended recipient of this email, please reply to inform us that you have received this email in error and then delete it without retaining any copy.
I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 244.79 GBP
You have attached the tax return form with the TAX REFUND NUMBER ID: 384116214 complete the tax return form attached to this message.
After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.
Our head office address can be found on our web site at HM Revenue & Customs: http://www.hmrc.gov.uk
Kevin Paul Burrow,
HMRC Tax Credit Office
TAX REFUND ID: UK384116214-HMRC
© Copyright 2013, HM Revenue & Customs UK All rights reserved.
How to report the emails to HMRC
These scams have become such a widespread problem that HMRC has a dedicated phishing email reporting service – and the continued existence of these scams would seem to indicate the scammers are having at least some success.
If any of these emails find their way into your main inbox, we highly recommend forwarding them on to HMRC. It’s important that the taxman stay abreast of the latest phishing methods, and an email making it past spam filters often indicates the scammers have found a new wheeze – so any scurrilous emails should be forwarded to email@example.com for HMRC’s fraud teams to look at.
HMRC then advise you delete the email, or at the very least mark it as spam with your email provider.
Personal tax isn’t the only avenue used by tricksters to get access to your personal info. We’ve seen plenty of VAT scams in the past, both on and offline, and just recently heard of a VAT email scam appearing to originate from firstname.lastname@example.org reporting a late VAT return. The email has an executable file attached which would have presumably infected the victim’s computer with all kinds of nastiness.
The only guarantee where scammers are concerned is that they will always have new tricks up their sleeve, and it is up to individuals to be vigilant and report these scams when they appear.
If you ever receive a suspicious email or letter, forward it to your Account Manager who can verify its authenticity (or lack thereof).
Photo by Mark Fischer