How to spot HMRC text, email and phone phishing scams

When tax season in the UK arrives, so do the inevitable phishing scams. And 2021 isn’t going to be any different.

There are two important dates in the UK tax calendar. The end of January, when last year’s tax returns need to be filed by (if you submit online) and any tax payments need to be made. And April 5th, which signifies the end of the current tax year. The lead up to both dates will see a surge in HMRC themed phishing scams.

The aim of the scammers is to trick a victim into thinking the scammer is an HMRC representative in order to lure them into handing over sensitive financial and personal information about yourself. Information that can be used to commit identity fraud or access your bank accounts. The scammers may even try and persuade you to hand over money directly to them by claiming you’ve not paid enough tax.

Such scams are initiated through text (SMS), email or by phone. We look at each.

HMRC SMS phishing scams

SMS phishing scams can also be known by the term “smishing”.

Perhaps most prolifically these scams are sent out through text messages, and attempt to lure the recipient into clicking a link to a phishing website. The message below for example claims the recipient is due a tax refund.

HMRC: Records show you have a pending tax refund from HMRC. To calculate your claim, please visit [link]

It’s a classic phishing scam, and the link leads to a spoof site designed to look like the UK Gov website. Only it isn’t, and you can tell from the web address at the top (it isn’t hmrc.gov.uk.) Any and all details you enter into this site will be transmitted straight to the crooks.

Pro Tip: HMRC don’t send text messages asking you to click a link. Never click links in text messages that claim to be from the HMRC (or any other financial entity like your bank.) If you’re not sure it’s genuine, go to the HRMC website directly and login.


Sponsored Content. Continued below...




HMRC email phishing scams

The same scams can be sent to your email address too. But they work in the same way as their SMS counterparts. The email will usually contain a link, and again that link will lead to a phishing spoof website determined at getting you to enter your personal and financial information, which is transmitted to the crooks.

An example of a phishing email from the HMRC, again claiming you’re due a refund –

If an email addresses you as “Tax Payer”, it’s going to be a scam. Also watch out for bad spelling and bad grammar, and again, before you enter any information into a website, always check the web address.

Pro Tip: Emails claiming to be from the HMRC that ask you to open an email attachment will be a scam, and the attachment will result in a malware infection if you open it.


Sponsored Content. Continued below...




HMRC phone scams

Phone scams can take on many different forms. Like the text messages and emails, they can claim you’re due a refund. But they can take on a more threatening tone as well. For example they can claim you’ve not paid enough tax, and even threaten you with fines or even prison. This is to panic a recipient into complying with the scammer’s demands. (This variant of the scam can also happen through email or text as well.)

Pro Tip: HMRC don’t make threatening phone calls demanding money over the phone.

Whatever the person claims on the other end of the phone, the aim of this scam is to lure you into either paying money over the phone, or giving away sensitive information about yourself. So if you get such a call from someone claiming to be from the HMRC, hang up.

With all of the above points, whether it’s a text, email or incoming call, don’t respond. If you’re not sure if it’s genuine you can contact the HMRC yourself using the contact information on the hmrc.gov.uk website. Try and avoid clicking links in emails or text messages unless you were expecting them as a general rule of thumb, and always have reliable security software installed at all times. (Our recommendations are here.)

To report a phishing text message, forward it to 60599 (charged at network rate.) To report a phishing email, forward it to phishing@hmrc.gov.uk. To report a phone call, fill in this online form.