Don’t take the bait, be cyber aware
03 April 2017
HMRC issue a reminder of the do’s and don’ts through their tax agent blog:
Scammers are using increasingly sophisticated methods to spoof legitimate HMRC communication with information that appears both genuine and relevant. However, you should always remember HMRC will never notify you of a tax rebate by email or text. And they will not ask you to disclose personal or payment information by email or text.
If you have the slightest doubt that a HMRC email or text is fake, then:
do not open attachments, they could contain a virus
do not click on links; they could take you to a fake HMRC site
do not disclose personal/confidential information
do, forward suspicious HMRC text messages to 60599 (charged at your network rate)
do, forward suspicious emails to HMRC phishing team at, email@example.com.
If in doubt, check security guidance: Dealing with HMRC Phishing and scams.
If you think you have disclosed personal information in response to a scam HMRC email or text, act quickly. Contact the HMRC security team at, firstname.lastname@example.org providing brief details of what you disclosed (e.g. name, address, HMRC User ID, password). Do not give your personal details in the email.
At a top level, HMRC and agents are working together to protect their clients. By reporting your suspicions, and promoting cyber security messages, you can protect yourself, colleagues and clients from threats.