As we approach the self-assessment season, individuals should be on the look-out for phishing and phone scams in which criminals pretend to be HMRC.
How to spot phishing
Whilst many such scams can be easy to spot, others are quite sophisticated and use email addresses, websites and logos that look very similar to official HMRC ones.
A key feature of phishing scams is that they will ask you to provide personal or financial details (such as credit card or bank details) in order, for example, to receive a tax refund.
HMRC stress that they will never use texts or emails to:
• Inform you of a tax rebate or penalty, or
• Ask for personal or payment information.
HMRC will also never call individuals out of the blue to demand money, or inform them of penalties or refunds. Instead taxpayers will usually be informed by letter or in their P800 tax calculation in the first instance.
More pointers on how to differentiate between fraudulent and genuine HMRC communications can be found here.
HMRC publish examples of known phishing emails and bogus calls, text messages and social media direct messages and how to spot them.
The ATT have also become aware of a recent increase in scam telephone calls regarding outstanding tax from people claiming to be from HMRC. The target is asked to purchase iTunes vouchers to pay their supposed outstanding balance. These attacks appear to be concerted, with the scammers calling several hundred residents in the same rural town in a single day. More information can be found here.
What to do if you suspect phishing
If you are at all in doubt as to whether a message is genuine:
• Don’t open it;
• If you do open it, don’t click on any links, open any attachments or provide any information.
If you receive a suspicious phone call you should hang up and call HMRC back as you would normally, rather than on any numbers provided by the caller. It is wise to use another phone to do this just in case the scammer has not disconnected the call.
HMRC publish up to date lists of genuine topical HMRC calls, letters and digital communications which can be referred to if you are in doubt.
Suspicious emails and texts should be deleted, but HMRC also encourage taxpayers to report them by phishing [at] hmrc.gsi.gov.uk (subject: Phishing) (email). More information can be found here.