HMRC e-mail spam

HMRC e-mail spam

Didn't find your answer?

In the past two days I have received two e-mails purporting to come from "[email protected]", the latest one being:

Thank you for sending your VAT Return online. The submission for reference 8937040 was successfully received on Thu, 6 Feb 2014 21:00:17 +0200  and is being processed. Make VAT Returns is just one of the many online services we offer that can save you time and paperwork. 

For the latest information on your VAT Return please open attached report. 

The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. 

Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. 
 

Attachment: Reference.zip 
application/zip; name="Reference.zip" 
Please be careful with attachments from an unknown source. Attachments can be potentially harmful to your computer and data.

These e-mails have been addressed to my firm's e-mail address.

Now I know that HMRC do not send attachments by e-mail, I have not filed any VAT returns today and that this is a different wording to the normal VAT return submission acknowledgement, but it could be very easy to mistake this for the real thing.

Please be aware of this kind of spam.

Replies (13)

Please login or register to join the discussion.

avatar
By MattG
06th Feb 2014 11:29

Me too

I just got one through reminding me to file an Employer Annual Return by 29th February 2014, the email then later mentions I need to send P35 and P14s in for 19th May!

The layout and wording looks similar to HMRC style reminders and this puported to come from [email protected], but hopefully no on the ball accountants would be fooled - 29th Feb 2014? P35/14s under RTI? Ha!

I could see some people who do their own payroll being fooled though.

Thanks (0)
avatar
By Jekyll and Hyde
06th Feb 2014 11:45

I have just received this one, clearly incorrect information

 

Employer Annual Return

Employers must file their Employer Annual Return (P35 and P14s) for 2013-14 online to reach us by 29 February 2014. We strongly recommend that you file your return online, as soon as it is ready.
Don’t forget, Extra Statutory Concession B46 came to an end in 2011 so the period of grace no longer applies. To avoid penalties, file your Employer Annual Return (P35 and P14s) online and file as soon as you can before 19 May 2013.

Please complete all relevant sections of the attached application form and attach the appropriate documents.

Reply to this email as this mailbox is monitored for incoming mail.

Thanks (0)
Replying to Burbage Accounting:
avatar
By ACDWebb
07th Feb 2014 07:08

This one turned up

Jekyll and Hyde wrote:

 

Employer Annual Return

Employers must file their Employer Annual Return (P35 and P14s) for 2013-14 online to reach us by 29 February 2014. We strongly recommend that you file your return online, as soon as it is ready.
Don’t forget, Extra Statutory Concession B46 came to an end in 2011 so the period of grace no longer applies. To avoid penalties, file your Employer Annual Return (P35 and P14s) online and file as soon as you can before 19 May 2013.

Please complete all relevant sections of the attached application form and attach the appropriate documents.

Reply to this email as this mailbox is monitored for incoming mail.

at a home email address with the ZIP attached. Just told Mailwasher to kill it
Thanks (0)
Euan's picture
By Euan MacLennan
06th Feb 2014 12:14

The legitimate one ...

... comes from "[email protected]" with a subject "RTI-Making final submissions for the 2013-14 tax year [87] [Protective Marking: UNCLASSIFIED]" and a .doc attachment.

It also contains a final sentence "This e-mail may have been intercepted and its information altered."

Make of that what you will!

Thanks (0)
By Canary Boy
06th Feb 2014 12:18

Euan

I've just received "the legitimate one", but I dare not open it!

Thanks (0)
Euan's picture
By Euan MacLennan
06th Feb 2014 12:45

Don't be yellow!

It is quite safe and is one of HMRC's better pieces of guidance.

Thanks (1)
By ireallyshouldknowthisbut
06th Feb 2014 13:03

@Euan and Canary boy I was just debating that one with my assistant.  The conclusion was "lets not take the risk, eh, I don't want to spend the next 24 hours testing out backup procedures"

 

 

 

Thanks (0)
Replying to Ruddles:
Euan's picture
By Euan MacLennan
06th Feb 2014 13:12

Go on - take the risk!

ireallyshouldknowthisbut wrote:

@Euan and Canary boy I was just debating that one with my assistant.  The conclusion was "lets not take the risk, eh, I don't want to spend the next 24 hours testing out backup procedures"

I have and our office network is still working fine.  How could an e-mail with such a tortuous subject and file name be from anyone other than HMRC?  As I said before, the document give 3 pages of useful advice if you run payrolls.

Thanks (1)
avatar
By andrew55
06th Feb 2014 13:07

There is a difference between genuine and scam and that is the genuine one has a word file attached and the scam one has a zip file.

All these current scams seem to have zip files and are worth deleting unless you're very sure they're genuine.

Thanks (0)
avatar
By brianscholar
06th Feb 2014 13:36

We haven't had one of these for ages

(I feel quite ignored) but would running a virus scan on the email and zip files reveal dodgy ones?

Thanks (0)
Replying to Matrix:
avatar
By DMGbus
06th Feb 2014 16:13

Depends upon AV software

A recent scan of one of these .zip attachments using (1) Bullguard and (2) Trend Micro failed to flag an issue.

Mailguard has been a bit hit and miss in recent weeks in identifying what it says (if dodgy) "banned part".

Intuitive software has been unintuitive (no more than a placebo software "solution" maybe) and a request for support using the support link on their webpages received no response.    I am told that as a user I am expected to "train" this (un)intuitive software as to what is / what what is not spam.   There have been instances of eMails not being received here by colleagues, suspicion being that (un)intuitive has held them back - problem is that cannot see what (un)intuitive has held back / blocked as incoming eMails.  As already stated the helpline was eMailed (sdome weeks ago) and no response from (un)intuitive.

 

Thanks (0)
By Canary Boy
06th Feb 2014 14:27

OK I'm not

as yellow as my name suggests!

I've opened it, printed it, and will read it later. Thanks Euan.

Thanks (0)
avatar
By User deleted
07th Feb 2014 08:05

Help if you opened the attachment ...

Have a look at - https://www.malwarebytes.org/

Good to run this periodically anyway on your pc

 

Thanks (0)