Revenue warns of tax return email scam | AccountingWEB

Revenue warns of tax return email scam

AccountingWEB members have warned about scam self assessment submission emails being sent following the submission of tax returns.

HMRC confirmed that the emails are identical to a scam they have been notified of.

According to members, the emails are sent from a legitimate looking email address ending in and include a ZIP file and a reference number. When accessed as a website. the website bears the logo but is in fact a fake site. 

The emails state the self assessment submissions were received but were not...


» Register now

The full article is available to registered AccountingWEB members only. To read the rest of this article you’ll need to login or register.

Registration is FREE and allows you to view all content, ask questions, comment and much more.

Silver Birch Accts's picture


Silver Birch Accts | | Permalink

We received a Real Time Submission Scam last week along the same lines.

A certain insider knowledge is required to send these as they are using seemingly legitimate references, although it was not one of ours

It was deleted straight away.


HMRC dont use email do they?    1 thanks

RJandCo | | Permalink

As far as I am aware,  HMRC never ever contact taxpayers direct by email for anything.  Where would they have your email address from?   There is nothing on any self assessment registration form that asks for an email address.  There is no box on a tax return which asks for an email address.    If any enquiry is launched or they have any other query you always get a hard copy letter,  although I recently was able to conduct an enquiry via email direct with the Inspector, using the Inpector's personal email address quoted on the enquiry letter.  So I always tell all clients that anything via email from HMRC is ALWAYS going to be a scam, so just delete without opening attachments.   Its pretty obvious anyway that's its a scam,  usually from the fact that these emails never quote a client name or UTR.  (And the misspellings and arcane language used)

A general point is that depending on how your computer is set up,  if you hover the cursor  (don't click!) over a a link in an email, down at the bottom left of the screen you will see the actual address (URL)  of the link,  which in a scam email, will be somewhat different from what the link would suggest.  If its a scam from HMRC then somewhat down the line, several slashes along, might be a reference to HMRC,  but the principal website will be something very different, usually with a foreign identifier after the dot.  Quite a lot appear to emanate from Russia.  

Any one here actually had a genuine first contact from HMRC by email in respect of self assessment?

Richard Joseph


RE: HMRC dont use email . . .


I've recently had a VAT enquiry on a client that was conducted entirely by email, until the final settlement assessment was sent by normal post to the client. I have another client where the enquiry officer is using email - also re VAT.

Maybe they're moving forward a little into the 21st century?



taxinfo | | Permalink

Be afraid. Be very afraid.


If you want to know how scary Cryptolocker is just google it.

What's made it worse it that this malware has now evolved from a straightforward Trojan, which you can delete, to a worm.

Crypolocker prevent Software Restriction Policy Path Rules.

supremetwo | | Permalink

taxinfo wrote:
Be afraid. Be very afraid.BEWARE CRYPTOLOCKER. NOT JUST IN THESE SCAMS BUT EVERYWHERE.If you want to know how scary Cryptolocker is just google it.What's made it worse it that this malware has now evolved from a straightforward Trojan, which you can delete, to a worm.

See prevent tool:-

Software Restriction Policy Path Rules.

This makes it very easy for anyone using Windows XP SP 2 and above to quickly add the Software Restriction Policies to your computer in order to prevent CryptoLocker and Zbot from being executed in the first place.

HMRC phising

Sandra Parrish | | Permalink

I received one of these emails this morning and unfortunately opened the attachment which said it was a jpeg file - it was not - it would not open at all - I don't know if it downloaded anything but I checked my computer for malware and there was nothing so I immediately deleted it  from my computer - I am just wondering if anyone else has had the same thing and if it affected their computer.