Don’t take the bait, be cyber aware

03 April 2017


HMRC issue a reminder of the do’s and don’ts through their tax agent blog:


Scammers are using increasingly sophisticated methods to spoof legitimate HMRC communication with information that appears both genuine and relevant. However, you should always remember HMRC will never notify you of a tax rebate by email or text. And they will not ask you to disclose personal or payment information by email or text.


If you have the slightest doubt that a HMRC email or text is fake, then:


  • do not open attachments, they could contain a virus

  • do not click on links; they could take you to a fake HMRC site

  • do not disclose personal/confidential information

  • do, forward suspicious HMRC text messages to 60599 (charged at your network rate)

  • do, forward suspicious emails to HMRC phishing team at,


If in doubt, check security guidance: Dealing with HMRC Phishing and scams.


If you think you have disclosed personal information in response to a scam HMRC email or text, act quickly. Contact the HMRC security team at, providing brief details of what you disclosed (e.g. name, address, HMRC User ID, password). Do not give your personal details in the email.


At a top level, HMRC and agents are working together to protect their clients. By reporting your suspicions, and promoting cyber security messages, you can protect yourself, colleagues and clients from threats.