HMRC investigate over 10,000 email, SMS, social media, and telephone scams

24 August 2020

HMRC advise that they are investigating over 10,000 email, SMS, social media, and telephone scams which look to exploit the COVID-19 pandemic. Data obtained under the Freedom of Information (FOI) Act and collected by the Lanop Accountancy group, also highlighted that a total of 106 COVID-19 related websites have been requested to be removed by HMRC since March 2020.

May 2020 saw the highest number of phishing scams, with 5,152 reported to HMRC by members of the public and business. This was an increase of 337% when compared to March 2020 when 133 cases were reported. Each month thereafter, there has been an increase with 2,105 reported in April and a further 2,558 reported in June.

In one reported scam, the victims were sent a text message claiming it to be from HMRC, which informed the receiver that they were due a tax refund and that they should apply for this online. The link within the message sends the receiver to a website which uses HMRC branding and is entitled “Coronavirus (COVID-19) guidance and support”. When accessing the site, users are asked for several sensitive pieces of information, prior to being asked for their password as “verification”.

A further scam aimed at those using the government’s Self-Employment Income Support Scheme (SEISS), offers a bogus tax rebate. The most recent text message informs the victim they are eligible for a tax refund and directs them to a website which then leads to a realistic impersonation of the HMRC government site. A form on the site then requests the individual’s email address, postcode and HMRC log-in details.

Another scam exploits the government’s Coronavirus Job Retention Scheme (CJRS) with a phishing email scam pretending to be from HMRC, designed to take personal information. The email, again, which uses official HMRC branding, claims to be from Jim Harra, First Permanent Secretary and Chief Executive of HMRC, in an attempt to get business owners to reveal their bank account information.

Cyber security expert Chris Ross, SVP International, Barracuda Networks, comments:

“With HMRC offering a range of financial support packages for businesses and individuals during the pandemic, it’s no surprise that hackers have chosen to exploit the crisis in an effort to cash-in on Covid-19”.

Readers are reminder that you will never get an email, text message or phone call from HMRC advising you about a tax rebate or penalty, asking you for personal information or payment information.

If you are in receipt of anything suspicious, this can be reported to the HMRC phishing team. Text messages can be forwarded to 60599 and emails or details of phone calls sent to phishing to [email protected]. By providing details of the call including the callers number and time/date the call was made, it can aid HMRC with investigations in tackling this type of abuse.


Information provided in this news article may be subject to change. Please make note of the date of publication to ensure that you are viewing up to date information. Download the CIPP's Payroll: Need to know - your guide to payroll legislation and reporting for the most up to date data.