Increase in digital activity is a big market for fraudsters

15 June 2015

There are 43,000 paid agents serving 8million clients and 70 per cent of SMEs employ an agent for at least some of their affairs, that’s a market that’s being targeted by fraudsters through phishing and bogus emails.

HMRC’s Blog ‘working with tax agents’ says:

There’s no doubt that HMRCs online services have been a great success, levels of engagement continue to increase and we are continually looking to improve the experience for you but with increased digital activity comes increased digital risks.

There are 43,000 paid agents serving 8million clients and 70% of SMEs employ an agent for at least some of their affairs, that’s a market that’s being targeted by fraudsters through phishing and bogus emails.

Tax phishing emails purporting to be from HMRC are on the rise, some scams are more sophisticated than others but there will always be tell-tale signs giving the scammers away, I’d like to highlight some of those.

We know phishers will send high volumes of mail in one go and while they may have your email address they won’t have your name, if you get a “Dear Customer” email, be cautious. Scammers are using increasingly sophisticated methods, including social engineering, to craft their phishing emails in such a way that they appear both genuine and relevant to the recipient.

We will never send notifications of a tax rebate by email and we will never ask you to disclose personal or payment information by email. If you have the slightest doubt don’t open attachments, there could be viruses contained in them, don’t click on links which could take you to bogus websites with bogus webpages designed to look like the homepage of HMRC that have one aim, to trick you into disclosing personal/ confidential information.

If you think you might have disclosed personal information in response to a bogus email, act quickly and give us details of what’s happened, what’s been disclosed and send it to security.custcon@hmrc.gsi.gov.uk.

So how can you spot a bogus email?

A genuine HMRC email won’t ask for passwords, credit card details or bank account details but an identity thief certainly will.

If you are unsure or something just doesn’t feel right, take that moment and follow HMRC’s guidance.

It’s the responsibility of us all to remain vigilant, working together we will beat the scammers. Our security teams would like to see any scams that you come across so they can look to address the issue, so please let them know at phishing@hmrc.gsi.gov.uk.