Stop Your Money Being Stolen: The Rise Of HMRC Phishing Emails

Stop Your Money Being Stolen: The Rise Of HMRC Phishing Emails

Cybercrime is part and parcel of the murky anonymity of the internet. But phishing emails are becoming more sophisticated. Fraudsters are even taking the guise of authorities we trust, such as HMRC, in an increasing number of scamming attempts.

Cyber criminals are wearing the ‘official’ badge of HMRC like a borrowed costume, fooling people by promising a tax rebate. Here is an in-depth look at what’s happening online, and how to avoid becoming a victim.

What is a phishing email?

For those who don’t know, ‘phishing’ is the practice of contacting someone (usually via email) with an offer that’s meant to help them. It often assumes the form of a request, advertisement or competition prize, asking you to follow a link that’s provided in the body of the message.

Usually, the subject line, address and accompanying dialogue seems legitimate – the whole point is to trick you into believing the email has come from a reputable source. To that effect, criminals may even go so far as to use the logo and email design of the organisation they are trying to copy. But when someone clicks the link, they may be signing away their bank details, or downloading intrusive malware that spreads through their IT system.

Phishing is a massive issue: 78% of respondents in a 2016 survey said they understood email security risks, yet 45% clicked on a link in a phishing simulation anyway.

Hackers vs HMRC

Every year, scammers are finding new ways to break your trust, worming into data they wouldn’t normally receive. HMRC is a prime target for phishing campaigns because it is one of the most trusted organisations in the UK.

The government has laid out a guide for recognising phishing attempts under its own label. First, it states that HMRC will never contact people via email, at least to discuss their tax reclamation. If you’re asked to enter bank details for a tax rebate, you can be 100% certain that it’s a scam. Secondly, the guide lists a series of bogus email addresses to reference in the event of a suspicious message.

Con artists may be using the official GOV.UK logo, with the crown, for credibility. They can also implement text messaging (your number can be gained from a hack on a third-party data store) to request a payment or refund. The language is formal and well composed; to all intents and purposes, it sounds believable.

What to do

The most important thing to remember is that you have a right to suspect foul play. Cybercrime is an extremely successful venture; the perpetrators learn how to hide it effectively, and keep changing their tactics as they’re weeded out.

So to avoid falling prey to these events, ignore – i.e. delete without opening – any email that purports to be a tax-related HMRC correspondence. Don’t click on web links, attachments or downloads. The same goes for social media messages and anything that comes through your phone.

The Government has asked that any phishing examples are sent to For texts, the number to forward messages to is 60599. This helps the Government track what criminals are doing and where the messages may be coming from. Destroy the phishing item immediately after you pass it on to a genuine investigations channel.

It’s worth recognising that the internet can be an enemy, as well as a friend. Stay vigilant, and never reply to any HMRC outreach that asks for your personal info.


About SimpleTax

SimpleTax is tax preparation software that makes it easy for anyone to complete their Self Assessment. Created by GoSimple Software and recognised by HMRC, the cloud-based software streamlines the tax return process and ensures your records are watertight. Not only that, but GoSimple Software also ensure your details stay safe with a strict data sharing policy and 256-bit encryption. Try the 14-day free trial today.




Start your free trial