Broadly, phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy source in an electronic communication. This is generally carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
Most people are aware of the increase in volume and sophistication of phishing campaigns in recent years, but worryingly, there has also been a notable rise in reported incidents of phone calls and/or electronic communications from people claiming to be HMRC.
So, how can you recognise what is genuine HMRC contact and what are phishing, or bogus emails and text messages?
HMRC never send notifications by email about tax repayments or refunds. Therefore, if an email is received along these lines the recipient should not:
– visit the website;
– open any attachments; or
– disclose any personal or payment information.
Fraudsters may spoof a genuine email address or change the ‘display name’ to make it appear genuine. If you are unsure, forward it to HMRC (firstname.lastname@example.org) and delete it.
HMRC will never ask for personal or financial information when they send text messages. If you do receive a text message claiming to be from HMRC offering a tax refund in exchange for personal or financial details do not open any links in the message. Send any phishing text messages to 60599 (network charges apply) or email email@example.com then delete it.
HMRC are aware of a phishing campaign telling customers they need to ‘download a PDF attachment’ to get a tax refund. The PDF attachment contains a link to a phishing site asking for personal or financial information. Do not reply to the email or download the attachment. A recent scam has also been identified on Twitter offering a tax refund.
HMRC publish examples of phishing emails on their website.
Details have recently emerged of an automated phone call scam which informs the listener that HMRC is filing a lawsuit against them, and to press one to speak to a caseworker to make a payment. This scam has been widely reported and often targets elderly and vulnerable people. Other scam calls may offer a tax refund and request the listener to provide bank or credit card information.
Anyone who has been a victim of the scam and suffered financial loss should report it to Action Fraud. In summary, never give out private information (such as bank details or passwords), reply to text messages, download attachments or click on any links in emails if you’re not sure they’re genuine.