Employer Bulletin 46: SCAM EMAIL WARNING

29 January 2014

A bogus copy of HMRC’s Employer Bulletin email alert is being circulated with false links.

Employer Bulletin 46 is due to be published on 17 February with the email alerts notifying employers that it is available starting on the same day. HMRC has been notified that once again a bogus copy of the e-alert has been sent out containing false links. This is known as a phishing email.

The criminals involved have then used a database of emails (not an HMRC database) to circulate the phishing email as widely as possible. The phishing email, built on the original wording in the e-alert, removes the URL link to the HMRC website and replaces it with a zipped document containing a Trojan virus. Figures show that there have only been about 20 cases reported so far so it seems HMRC have caught this one early.

Please check the URL carefully if you receive one of these emails and do not open it if you suspect it is not genuine. You can forward suspicious emails to HMRC at [email protected] and then delete it.

This is the second time this has happened to the Employer Bulletin; HMRC had a similar scam earlier this month in relation to September’s Bulletin.

The phishing team have instigated all their security processes. The security team have said that this is a criminal act and HMRC are not responsible. HMRC systems are not affected because of our firewalls.

An urgent message will also be posted on HMRC’s security web pages.

• CIPP policy and research