Return of the phantom filers

iStockphoto/Thinkstock

Reports are coming through of a return of the highly lucrative bogus tax refund scam.

The ICAEW Tax Faculty reported this week that some of its members had seen a recurrence of scammers using purloined agent login details and passwords to submit self assessment returns with relatively low income levels and claiming refunds just under £3,000.

While self assessment season this year ran reasonably smoothly for many AccountingWEB members, there were multiple reports of increasingly sophisticated phishing attempts during the past three months...

Continued...

» Register now

The full article is available to registered AccountingWEB members only. To read the rest of this article you’ll need to login or register.

Registration is FREE and allows you to view all content, ask questions, comment and much more.

Comments
Euan MacLennan's picture

Not correct    3 thanks

Euan MacLennan | | Permalink

The link to emails and alerts takes you to the HMRC Genuine HMRC Contacts page on which it states that Educational emails "will appear in your address bar as no-reply@hmrc.gov.uk".

So why have I and presumably many other agents received an e-mail today from learning.together.bcu@hmrc.gsi.gov.uk, which is clearly an educational email with the tortuous subject "RTI-Making final submissions for the 2013-14 tax year [87] [Protective Marking: UNCLASSIFIED]"?  The main clue that it is not spam is that the attachment is a .doc, rather than a .zip, file with the zappy name "140205 - At a Glance V1 0 (4).doc.

Missing authorisation code

CatherineR5 | | Permalink

I have had an HMRC agent authorisation code go missing - I wonder whether it's been intercepted by someone incorrectly identifying it as potentially a login/password reminder in advance of self-assessment?

Of course my client might just have lost it/not opened it/fed it to the dog...

Euan MacLennan's picture

Wrong address?

Euan MacLennan | | Permalink

CatherineR5 wrote:

Of course my client might just have lost it/not opened it/fed it to the dog...

... or not informed HMRC of his change of address.

Sorry to hijack this thread

The Tax Factory Ltd | | Permalink

Sorry to hijack this thread but we have just received the email referred to by Euan.  However it leaves two questions unanswered:-

 

1)  it states that you should "just answer a few extra questions" when you make your final submission.  It suggests that the final submission will be the final FPS and makes no mention of an EPS.  But what if you do an EPS (to show CIS Deductions) after the final FPS.  Which is the final submission, the FPS or the EPS?

 

2)  as the questions have to be answered when the final submission is made "you may wish to make sure you have the answers to the questions ready in time".  What are the questions??  Are they exactly the same as the questions on last year's P35 or have there been any changes?

 

Also, the link to HMRC's website "for further guidance on your PAYE final submission and end of year tasks" appears to be broken!

 

Any useful thoughts / comments?

Employers Employers Annual Return    1 thanks

subhash@sampat.... | | Permalink

Below is text of e-mail received earlier suppose to be  from HMRC.......clearly this is a SCAM and those Accounts who receive them should NOT attempt to open & respond to this.

 

I am forwarding the same to HMRC for their action.

Regards

 

Subhash Sampat

PINNER Middlesex

 

 

Employer Annual Return

Employers must file their Employer Annual Return (P35 and P14s) for 2013-14 online to reach us by 29 February 2014. We strongly recommend that you file your return online, as soon as it is ready.
Don’t forget, Extra Statutory Concession B46 came to an end in 2011 so the period of grace no longer applies. To avoid penalties, file your Employer Annual Return (P35 and P14s) online and file as soon as you can before 19 May 2013.

Please complete all relevant sections of the attached application form and attach the appropriate documents.

Reply to this email as this mailbox is monitored for incoming mail.

FAO The Tax Factory...    1 thanks

gary.ging | | Permalink

The final submission can be either a FPS or an EPS, depending on your circumstances, so if you do need to complete an EPS after the final FPS of the year then you should include the answers to the end of year declarations in that submission.

The declarations are essentially the same as the old P35 declarations:

http://www.hmrc.gov.uk/payerti/reporting/what-to-report.htm#9

Regards

Gary

Sage (UK) Ltd.

John Stokdyk's picture

Unimpressed with Learning Together effort    1 thanks

John Stokdyk | | Permalink

Thanks @Euan and @The Tax Factory for sharing your latest missive. It seems to show one part of HMRC not really being up to speed with what's happening elsewhere.

It's apparent that the security boffins have put considerable time and energy into educating the marketplace about best practices - yet the same message hasn't reached their own colleagues. Including any kind of attachment in such a message goes against all the "never open any suspect attachment" advice people have been giving out for years - is it really that difficult to cut and paste the contents into the email message?

Tax Factory, you might get a better response to your EPS queries on the Any Answers page, where I suspect other members may share some of your frustrations. 

Thanks too @Subhash for sharing the Employer Annual Return phishing message - that hasn't made it to HMRC's list of examples yet, but as you point out, it's not one of the scammers' more sophisticated efforts. Thanks to RTI, end of year returns are a thing of the past and I'm partcularly perplexed about the 29 Feb 2014 deadline.

I can forgive the crooks for not being up to speed with HMRC procedures, but surely they know when leap years are supposed to happen?

No...

CatherineR5 | | Permalink

Client has not moved. And I've checked that.

P35

ferncottage | | Permalink

I have had 3 e mails today. One stating Year End 2013-14 File by 29 February,with a comment about 19 may 2013. Obviously a SCAM.

The 2 the same which appear genuine from HMRC about filing by 20 April if no payments made in March 2014.

 

No wonder we are all getting mystified.

 

I take the view that "Refunds" are usually a SCam.

VAT could be a dodgy one, so I read thenbin if it looks wrong.

Hope this helps.

Perhaps HMRC should use a specific coding aligned to peoples UTR or Companies REg no or Reg Vat No. It would help us ensure it was a genuine E mail.

Richard P

Let's be careful out there.    2 thanks

spurs1952 | | Permalink

The real giveaway is them signing the email Sunglassses Ron & Paddy the Greek.

daveforbes's picture

It is a numbers game

daveforbes | | Permalink

Winter Soltice wrote:

Unless I am actually expecting an email, such as confirmation of a return I filed 30 seconds ago....

Millions are sent hoping one will land in your inbox just after you have filed a return, bought something on paypal or are expecting a delivery etc.

A mandatory charge of 0.1p per email would sort a lot of scam and junk.

 

Re: Not correct

jonbryce | | Permalink

All the viruses I get that claim to come from HMRC also have "noreply@hmrc.gov.uk" in the address bar.  I had about 20 of them yesterday.  The virus scanner had deleted the virus and replaced it with a note inside the .zip file saying it had been removed.

The problem is that HMRC have not published an "SPF record" for the hmrc.gov.uk domain, so spam filters have no way of knowing whether the email came from a genuine HMRC email server or not.  That is something they should do as a matter of urgency.  It will take them about half an hour to change the DNS record if they have to read up how to do it, or a few seconds if they know what they are doing.

daveforbes's picture

@jonbryce

daveforbes | | Permalink

jonbryce wrote:

or a few seconds if they know what they are doing.

I suspect they have a myriad of smtp servers. Producing and then maintaining the list would be challenge enough and then there would be the 256 character limit on SPF records and the 10 dns lookups.

Yes, they should rationalise all their various email systems but that would be time consuming and costly and therefore unlikely in times of austerity.

Also, realistically, how effective is it ? paypal.com has an SPF record - so scammers just use domain that is similar enough to fool the unwary.

carnmores's picture

concerted government action is reuired    1 thanks

carnmores | | Permalink

to stop these spammers , thieves and data  corrupters , put GCHQ to something that will benefit everybody