Skip to main content

Taxman warns against rebate phishing scams

Press Release   •   Feb 07, 2014 09:52 GMT

HM Revenue and Customs (HMRC) is warning taxpayers not to be caught out by email phishing scams which offer tax rebates in return for bank account or credit card details.

A record-breaking 8.48 million tax returns were filed online by last week’s 31 January filing deadline. However, the three months prior to the deadline also saw customers report 23,247 phishing emails to HMRC – up 47 per cent on the same period a year earlier. During 2013, customers reported over 91,000 phishing emails to HMRC.

Anyone responding to this type of email risks opening their bank account to fraudsters and having their details sold on to other organised criminal gangs.

As a result of customers forwarding these emails to HMRC, the department was last month able to close 178 websites which it found were the source of these emails – up from 65 in January 2013. During 2013, HMRC closed down 1,476 websites sending these types of scam emails.

Gareth Lloyd, Head of Digital Security at HMRC, said:

“HMRC never contacts customers who are due a tax refund via email – we always send a letter through the post.

“If you receive an email claiming to be from HMRC which offers a tax rebate, please send it to phishing@hmrc.gsi.gov.uk and then delete it permanently. We can, and do, close these websites down, and do all we can to ensure taxpayers stay safe online by working with law enforcement agencies around the world to target the criminals behind these scams.”

HMRC strongly advises customers who receive such an email to:

HMRC action has led to websites being closed down around the world, including in the USA, Russia and elsewhere.

Notes to editors

1.  The scam email often begins with a sentence such as ‘we have reviewed your tax return; according to our calculations of your last year’s accounts a tax refund of XXXX is due.’

2.  Legitimate tax rebate forms (P800s) from HMRC will contain a payment order and will never ask for credit or debit card details.

3.  Typical details requested in these emails include – name, address, date of birth, bank account number, sort code, credit card details, National Insurance number, passwords and mother’s maiden name.

4.  Bogus HMRC emails have also recently been circulated to employers containing zip file attachments or hyperlinks. These should not be opened because they include a virus. Get more information on this at http://www.hmrc.gov.uk/security/examples.htm

5.  The Self Assessment tax return deadline was 31 January, and last year HMRC saw an increase in the number of phishing emails being reported after this deadline.

6.  Follow HMRC on Twitter @HMRCgovuk

7.  HMRC’s Flickr channel www.flickr.com/hmrcgovuk

Issued by HM Revenue & Customs Press Office

HM Revenue & Customs (HMRC) is the UK’s tax authority.

HMRC is responsible for making sure that the money is available to fund the UK’s public services and for helping families and individuals with targeted financial support.