We are often asked: “How can I spot if an email that appears to come from HM Revenue & Customs (HMRC) is genuine or not?”.
HMRC has issued new guidance for businesses and individuals detailing some of the techniques used by fraudsters, which gives comprehensive information on how to tell a genuine email from the taxman from a fake from a fraudster.
The HMRC website offers the following advice to help identify fraudulent emails. The sending of fake emails – which usually attempt to access personal identity and financial details – is known as phishing.
Identifying a fraudulent email:
- Look for spelling errors and mistakes in the email text and subject title.
- Check the sender’s address is the gov.uk site. Fraudsters often have email accounts with HMRC or Revenue names in them, for example firstname.lastname@example.org, which can easily mislead the unwary. Many sophisticated online criminals now have access to falsified ‘from’ addresses that look like a legitimate HMRC address, for example ‘@hmrc.gov.uk, so it is essential to be extra-vigilant.
- Consider the origin of the email and do not open it or attempt to open links or downloads.
- Be suspicious of any email that requests immediate action. HMRC will not make demands in this manner.
- Be cautious of emails sent with a generic greeting such as ‘Dear Customer’. Emails from HMRC will always address taxpayers using an officially registered name.
- Do not always trust an email that includes information on how to report phishing to HMRC as this may have been copied from HMRC’s own site.
Emails from HMRC will never:
- Notify taxpayers of a tax rebate.
- Offer a repayment.
- Ask taxpayers to disclose personal information such as full address, postcode, Unique Taxpayer Reference or bank account details.
- Give a non-HMRC personal email address for a response.
- Ask for financial information such as specific figures or tax computations (unless prior consent has been given and all risks have been formally accepted).
- Contain attachments (unless prior consent has been given and all risks have been formally accepted).
- Provide a link to a secure log-in page or a form asking for information – HMRC will also request taxpayers to log on to an online account to check for information and take action.
If you believe you have received a phishing email related to HMRC, or you are not sure if it is genuine, you can forward any suspicious emails or details of text messages to email@example.com or check HMRC’s guidance on recognising scams.
If you believe you have given out any information to fraudsters, contact firstname.lastname@example.org. Provide brief details of the details you disclosed (e.g. name, address, HMRC User ID, password) – but do not give your personal details in the email.
Milsted Langdon’s leading edge IT consultancy offers highly experienced 24/7 support and customer updates on all technological issues and offers protection for all types of data, including payroll records.
We are so certain we can add value to our clients’ IT operations that we offer our support service with a one month free trial.
For more information, please visit www.milstedlangdon.co.uk/specialisms/it-consultancy/