Fake HMRC communications

Criminals are increasingly using the ‘face’ of legitimate companies to trick unsuspecting individuals into revealing personal information. Recently, HMRC has been used to front many scams with fake correspondence appearing to have legitimately come from them.

Cyber criminals claiming to be from HMRC are using a variety of mediums to glean information from their victims by tricking them to either disclose personal or financial details, prompting them to click on links or to download attachments often under the pretence of ‘claiming a tax refund’, this act is known as phishing.

These attempts to pass themselves off as HMRC can be particularly convincing with websites, emails and phone numbers looking like they are part of an official government service. The names of real employees of HMRC have also been used in the past to solidify the belief that the victim is communicating with an actual HMRC employee.

What are HMRC doing to tackle the problem?

Donald Woolier of HMRC’s Cyber Security Team states “… due to our technical controls, we now prevent almost all of the HMRC phishing  emails from ever reaching our customers’ inboxes…”.  However,  this has led to criminals attempting different approaches in order to deceive the public, including the use of text/SMS messaging, otherwise known as ‘SMiShing’ which grew significantly between 2016 and 2017.

Donald continued to say “We have delivered an innovative pilot to protect HMRC-related ‘alpha tags’ – the sender that displays on your phone when you get a text message. The new technology identifies  fraudulent text messages and stops them before they are even delivered to your phone”.

How to avoid being scammed

In order to avoid being scammed or caught out by any fraudulent correspondence, HMRC give the following guidance: “You’ll never get an email, text message or phone call from HMRC informing you about a tax rebate, penalty or asking for your personal or payment information”

Due to increased HMRC prevention measures criminals are persistently trying to seek new ways around HMRC security. If you do receive a suspicious message the below infographic outlines what you should do:

Final Thoughts – How to keep you & your business safe

Cyber criminals have been finding innovative ways to breach HMRC’s security features with the aim of tricking unsuspecting members of the public to revealing sensitive information.
HMRC however, are taking this threat very seriously; implementing a number of initiatives to eradicate these threats with impressive results. The main message from HMRC is if your ‘unclaimed tax rebate’ sounds too good to be true, it probably is! Be cautious and never disclose information over the phone or click on unknown / untrustworthy links. If you think you have received a fraudulent message report it to phishing@hmrc.gov.uk.

Unsure about your tax obligations? – Price Davis have over 20 years’ experience and are on hand for any queries: info@pricedavis.co.uk   01452 812 491. 

For general advice on cyber security check out the following government links: