Don’t take the bait, be cyber aware

03 April 2017


HMRC issue a reminder of the do’s and don’ts through their tax agent blog:


Scammers are using increasingly sophisticated methods to spoof legitimate HMRC communication with information that appears both genuine and relevant. However, you should always remember HMRC will never notify you of a tax rebate by email or text. And they will not ask you to disclose personal or payment information by email or text.


If you have the slightest doubt that a HMRC email or text is fake, then:


  • do not open attachments, they could contain a virus

  • do not click on links; they could take you to a fake HMRC site

  • do not disclose personal/confidential information

  • do, forward suspicious HMRC text messages to 60599 (charged at your network rate)

  • do, forward suspicious emails to HMRC phishing team at, [email protected].


If in doubt, check security guidance: Dealing with HMRC Phishing and scams.


If you think you have disclosed personal information in response to a scam HMRC email or text, act quickly. Contact the HMRC security team at, [email protected] providing brief details of what you disclosed (e.g. name, address, HMRC User ID, password). Do not give your personal details in the email.


At a top level, HMRC and agents are working together to protect their clients. By reporting your suspicions, and promoting cyber security messages, you can protect yourself, colleagues and clients from threats.