The scam email often begins with a sentence such as ‘we have reviewed your tax return; according to our calculations of your last year’s accounts a tax refund of XXXX is due.’ Typical details requested in these emails include – name, address, date of birth, bank account number, sort code, credit card details, National Insurance number, passwords and mother’s maiden name. These bogus HMRC emails have also recently contained zip file attachments or hyperlinks, which, HMRC says, have been found to include a virus if opened.
Legitimate tax rebate forms (P800s) from HMRC will contain a payment order and will never ask for credit or debit card details.
A record-breaking 8.48 million tax returns were filed online by last week’s January 31 filing deadline. However, the three months prior to the deadline also saw customers report 23,247 phishing emails to HMRC – up 47 per cent on the same period a year earlier. During 2013, customers reported over 91,000 phishing emails to HMRC.
HMRC has wanted that anyone responding to this type of email risks opening their bank account to fraudsters and having their details sold on to other organised criminal gangs.
As a result of customers forwarding these emails to HMRC, the Department was last month able to close 178 websites which it found were the source of these emails – up from 65 in January 2013. During 2013, HMRC closed down 1,476 websites sending these types of scam emails. These websites were not just in the UK, but also included the USA, Russia and elsewhere.
Gareth Lloyd, Head of Digital Security at HMRC, said: “HMRC never contacts customers who are due a tax refund via email – we always send a letter through the post. We can, and do, close these websites down, and do all we can to ensure taxpayers stay safe online by working with law enforcement agencies around the world to target the criminals behind these scams.”
HMRC advises customers who receive such an email to:
- Check the advice published at www.hmrc.gov.uk/security/index.htm where examples of these fake emails are listed;
- Forward suspicious emails to HMRC at email@example.com and then delete it from your computer/mail account;
- Avoid clicking on websites, links or attachments contained in suspicious emails;
- If you have responded to one of these emails you should forward the email and disclosed details to firstname.lastname@example.org;
- Read the advice from www.getsafeonline.co.uk
If you wish to comment on this article, please log in and use the Reply button below. Registering is free and easy - see 'Join Shout99'.
Susie Hughes © Shout99 2014