HMRC, fake communications, cybercrime, phishing scams

Press release: Be watchful for fake HMRC communications

31 August, 2017

The Association of Taxation Technicians (ATT) is urging taxpayers to be vigilant of cybercrimes and phishing scams where criminals pretend to be HMRC in order to obtain sensitive personal details.

The warning comes as HMRC embark on a number of taxpayer surveys and communications towards the end of 2017.

Phishing scams involve emails, texts, letters, phone calls or faxes which purport to be from HMRC. Some of these fakes are very sophisticated, with many of the scammers using email addresses, website and logos that look very similar to official HMRC ones.1

Yvette Nunn, Co-chair of ATT’s Technical Steering Group, said:

“It is important to remember that HMRC will never inform you of a refund or penalty, or ask for personal information by text or email.

“Tell-tale signs of a phishing attempt include sloppy spelling and grammar, using non-specific forms of address such as ‘Dear Customer’ and stressing the need for urgent action.

“If in doubt, do not open any suspicious emails or texts. If you do open them do not click on any links, open attachments or provide any personal information.”

Among official planned HMRC communications towards the end of 2017:

  • From this month (August), letters inviting households to participate in the annual HMRC Customer Survey are being sent out. The letters inform customers that they may be contacted by telephone by a representative of Kantar Public. Whether completed online, on paper or on the telephone, the real survey by Kantar will not ask the customer to provide any personal or financial information.
  • From September to November 2017, taxpayers may be telephoned by a representative from Kantar Public asking them to participate in the survey on behalf of HMRC about the dealings people have with them. The real survey will not ask the customer to provide any personal or financial information.
  • From August to October 2017, HMRC and Ipsos MORI will be sending a joint letter to randomly selected individuals inviting them to take part in research on saving and the Help to Save scheme. The real letter does not request any personal, payment, or tax related information at this stage.

Yvette Nunn added:

“If you want to check whether a communication is genuinely from HMRC you should contact them directly, as you would normally, rather than on any numbers provided.  HMRC also publish up to date lists of their official communications and examples of known phishing attempts on their website which you can consult.2

“It is always better to be safe than sorry when it comes to phishing.”

Notes for editors

  1. A common phishing example is an email or text which informs the taxpayer that they are due a tax refund and asks them to click through to a website and/or provide personal and financial information to receive it. Another example of a widely reported phishing scam which particularly targets the elderly is a recorded message is left stating that HMRC are bringing a lawsuit and are going to sue the taxpayer.  The recipient is then asked to phone a number and select ‘1’ to speak to the officer dealing with their case.
  2. Current list of digital and other contact issued from HMRC – link here.
  3. HMRC said they will implement fully the domain-based message authentication, reporting and conformance (Dmarc) system to stop phishing emails related to their work. There were an estimated 500 million phishing emails related to HMRC a year, in 2014 and 2015 - see link here.