HMRC – gone phishing?

“Phishing” is the term used to describe communications that are designed to acquire financial information about the recipient through fraudulent means.

Phishing is a relatively new phenomenon, and most of us are thankfully now on the lookout for attempts, particularly by email, to get us to click on links and give bank or credit card details, including usernames and passwords. But email isn’t the only communication method used by these people: letters, bogus callers and text messages are also commonly used to prise information from vulnerable people.

While we’ve grown wise to the fact that our bank is highly unlikely to send us an email that requires our password to access it, we’re less used to the fact that phishing activities have spread beyond PayPal, banks, building societies and credit card companies and now include HM Revenue & Customs (HMRC).

HMRC communications are reported as being mimicked by fraudsters to target employees and employers alike, and it is essential that everyone knows how to recognise a fraudulent email and what to do if they receive one.

Typically, a phishing email will ask you to do one of two things:

  1. Click a link or download a document. Both of these actions will lead to malware being installed on your computer, so it’s essential not to do either.
  2. Click a link and use your bank/building society/HMRC username and password to access a password-protected document. Clearly you should never do this either without verifying the source of the email.

If you take either one of these actions on a phishing email, your computer is likely to be frozen and your personal details will (more than likely) be in the lap of a criminal, to do with as he or she wishes.

Latest scam

One of the latest phishing scams is targeted at both individuals and employers, who are being sent emails from what looks like a credible HMRC email address. These emails contain ZIP files and a reference number which then gives access to a fake HMRC website. The content of the email is reported as stating that self-assessment returns have been received by HMRC but that they have not yet been processed. This strategy plays on the fear of penalties (a response that is completely natural), and recipients are more often than not tempted to click through the link as requested. The most important message is NOT to click through on any link from HMRC without first checking the legitimacy of the message. There is a growing number of such emails, so it is well worth being forewarned so you can take the necessary action.

For business owners and employers, it is worth being aware that one of the latest tricks in this phishing scandal is the sending of fake Employer’s Bulletin 46s in an attempt to gain access to personal information. In this particular case, the real e-alerts will go out on February 17th, and around this time it’s important to be extra vigilant for fake follow-ups. It is expected that fake emails will be sent around this time that will give rise to a virus that exposes your computer-stored data to hackers and fraudsters.

Safety first

Here’s what you should do if you receive an email claiming to be from HMRC:

  • If you’re not 100% confident that the message has come from a legitimate source, don’t be tempted to open it.
  • If you open the email and you’re in any doubt whatsoever, don’t click on any links or downloads.
  • Vary your passwords, so if you do become a victim of phishing activities, the risk is limited.
  • Keep your computer virus software up to date.
  • If in doubt, go to the sender’s official website and check out what you’re being told.
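For readers who handle a shared mailbox, the checks above can be partly automated. The following is an added example, not part of the original article: it flags the indicators described under “Latest scam” (a sender that claims to be HMRC, a ZIP attachment, links to a non-official site). The function names are hypothetical, the sample message is constructed, and the script assumes that genuine HMRC sites and senders sit under gov.uk.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: genuine HMRC web pages and senders use hosts under gov.uk.
OFFICIAL_SUFFIX = "gov.uk"

def under_official(host):
    """True only for gov.uk itself or a real subdomain (not 'fakegov.uk')."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)

def triage(raw):
    """Return warning strings for an email that claims to be from HMRC.
    An empty list is NOT proof of legitimacy: a From address can be forged."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rpartition("@")[2]
    if "hmrc" in (display + addr).lower() and not under_official(sender_host):
        warnings.append(f"claims HMRC but sent from {sender_host}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            warnings.append(f"ZIP attachment: {name}")
        if part.get_content_maintype() == "text" and not part.is_attachment():
            for url in re.findall(r"https?://[^\s\"'<>]+", part.get_content()):
                host = urlparse(url).hostname
                if not under_official(host):
                    warnings.append(f"link leaves {OFFICIAL_SUFFIX}: {host}")
    return warnings

def sample():
    """Constructed message modelled on the scam described in the article."""
    m = EmailMessage()
    m["From"] = "HMRC Self Assessment <returns@hmrc-online.example>"
    m["To"] = "employer@business.example"
    m["Subject"] = "Your return has been received but not processed"
    m.set_content("Reference 000000. Status: http://hmrc.status.example/login\n"
                  "Guidance: https://www.gov.uk/\n")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename="return_000000.zip")
    return m.as_string()

if __name__ == "__main__":
    for w in triage(sample()):
        print("WARNING:", w)
```

Any warning means the message should be treated as suspect and checked through the official website rather than through the email itself.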

If you receive a communication from HMRC that seems a bit ‘phish-y’, be on the safe side and report it to: Such is the size of this problem that HMRC has a dedicated website page that you can (safely) access here.

If you’re concerned about an HMRC communication and are struggling to get reassurance from HMRC themselves, perhaps we can help. Get in touch if you’re concerned about the security of your financial information.