Security questions on HMRC calls

Didn't find your answer?

I had a call from HMRC recently regarding a personal tax client. They wanted to talk about something but, given that I wasn't expecting a call, when they asked if they could go through security I asked them how I could be sure they were from HMRC.

The agent sort of sputtered and said he didn't know, so I asked for our SA agent ID, which he didn't know. I asked him how he expected to require security from me, but not expect me to require security of them, given the personal nature of the information. The agent just said they didn't have anything in place for this.

I'm pretty sure he was from HMRC but I'm not just going to give personal information over to some random person who calls me given the amount of HMRC spam we get these days.

Anyone else had this problem or am I just being picky?

Replies (25)

Please login or register to join the discussion.

By ireallyshouldknowthisbut
16th Apr 2024 11:45

Its debt collection. Just ask them to write to your client.

Thanks (2)
Replying to ireallyshouldknowthisbut:
avatar
By SkyBlue22
16th Apr 2024 12:02

This particular one I found out later wasn't actually for debt collection. But they did end up writing to the client.

Thanks (0)
avatar
By claudialowe
16th Apr 2024 11:50

I have had the same, and also asked for agent ID - which only HMRC would know, but is also not wildly confidential. They have always refused (couldn't?) give that information. A couple of times recently, they have asked me to give them a password in case they needed to call back about an issue. The trouble then is remembering what password I have given them - not that they have ever called back, but just continue to ignore whatever issue I was phoning about in the first place ;-)

Thanks (1)
Replying to claudialowe:
avatar
By FactChecker
16th Apr 2024 14:54

"A couple of times recently, they have asked me to give them a password in case they needed to call back about an issue. The trouble then is remembering what password I have given them .."

The *real* trouble with that is far more fundamental ... IF they are a fraudster, then giving them a password (which will in future be used to 'confirm' they are HMRC) doesn't seem like a bright suggestion to me?

Thanks (4)
Replying to FactChecker:
By SteveHa
16th Apr 2024 15:37

My understanding is that the password is a one shot deal, and is usually requested where you call them and they promise a call back.

I've found it works on the couple of occasions I've done it.

Thanks (0)
Replying to SteveHa:
avatar
By FactChecker
16th Apr 2024 20:17

Ah, I'd assumed (from the context of the post to which I was replying) that this 'offer' was being made by HMRC during a call that *they* had initiated.
Your version makes much more sense ... so thanks.

Thanks (3)
stonks
By WinterDragon
16th Apr 2024 11:51

Also had a couple of these calls recently, I don't doubt that it's HMRC at all as the number looks genuine and it seems unlikely that the clients they requested to speak about would be the subject of a well thought-out spearfishing attack BUT it's ridiculous when I ask for the client's AOR, they say they can't tell me that.

You can wrangle with them a little bit to find out what they want without confirming you act for the client or providing any information but, as above, it's always debt collection and they just want to put the pressure on.

Thanks (0)
Replying to WinterDragon:
avatar
By Leywood
16th Apr 2024 13:40

WinterDragon wrote:

I don't doubt that it's HMRC at all as the number looks genuine and it seems unlikely that the clients they requested to speak about would be the subject of a well thought-out spearfishing.

You’d be surprised. I had a call purporting to be from HSBC about a client (I’m on their bank mandate, historic read only access), was a complete scam. The number that appeared in my phone was the usual HSBC contact number and they knew a couple of things that made it appear genuine. Was clearly a cloned number.But I’m so mistrusting that I picked up on it quickly.

Thanks (0)
Replying to Leywood:
stonks
By WinterDragon
17th Apr 2024 11:52

Despite any lack of doubt, I still would not provide sensitive information without being 100% certain. I was nearly caught out by a similar scam personally. A call from my bank claiming fraudulent transactions. Sounds obvious now but they had me hook, line, and sinker that I was dealing with somebody from my bank. They never asked me to confirm any details and just had me confirm details they had on file which included my credit card number.

I only clocked on when they asked me for a 6 digit code that had just been texted to me that said "DO NOT GIVE THIS NUMBER OUT TO ANYONE, WE WILL NEVER ASK YOU FOR THIS CODE. To make a purchase of £6,500, use code ######."

Even when it was staring me in the face, it took me 20 seconds to comprehend I was being scammed and terminate the telephone call whilst this scammer was doing his best to convince me he was genuine. I'm supposed to be young and clued up on techy stuff yet it still shook me and caused me to take an emergency trip to the local branch to lock everything down. Anyone can be a victim of a scam so I'm glad I've learned to never be complacent.

Thanks (2)
Replying to Leywood:
By Nebs
19th Apr 2024 09:44

In this day and age it should not be beyond the capabilities of the phone companies to stop spoofed phone numbers appearing when you receive a call.

Thanks (3)
Replying to Nebs:
stonks
By WinterDragon
19th Apr 2024 10:28

I've gone down a rabbit hole trying to work out how phone spoofing works and how it could be prevented and I'm stealing a great analogy from reddit. Apparently, the number displayed is like a return address on the back of an envelope. You kind of take it at its word that the return address is accurate. To suddenly start trying to verify every single return address is genuinely the address of the sender would be impossible. What would you do? Require everyone who wants to send a letter to show ID at the post office?

Any solutions are impractical, expensive and the public aren't bothered until a tragedy happens and everyone says "oh no! Why didn't anyone do anything?"

Thanks (1)
avatar
By Paul Crowley
16th Apr 2024 12:23

Never yet had the HMRC willing to properly identify themselves, and every time they get a bit snotty about it.
It is basic GDPR issues giving out details about clients to a random stranger.

Thanks (8)
paddle steamer
By DJKL
16th Apr 2024 13:06

It is not just them, I get calls from utility companies asking to discuss "your electricity/gas/water" account, I ask which property and get told they cannot tell me because of security !!!!(Because in most cases we inherit utility accounts when tenants leave we as landlords are not set up as recognised parties re the account- it is like something written by Kafka)

Communication with all large entities has these days become a joke and frankly I now much prefer to have written records with such bodies (though HMRC's lack of e mail and post backlog does not make things easy) and utility companies take months, I am still sorting an electric overbilling case/complaint started last September.

Thanks (4)
avatar
By Postingcomments
16th Apr 2024 13:20

They make it hard for me to get in touch with them, so I'm not inclined to give them a quick and easy way to communicate with me.

I'm fine with the old way of them sending me a letter, which should reference the relevant statutory provisions under which they are acting. I'll then reply to it as I see fit.

Thanks (4)
avatar
By Hometing
16th Apr 2024 13:36

Good stuff. Should have had them hold for 30 mins, then transfer to someone who then tells them they cannot help with HMRC calls and will be put in a new queue.

Given their performance in recent years, I would be as awkward as possible with them (provided it doesn't have a negative impact on the client in question).

Thanks (2)
By Ruddles
16th Apr 2024 13:39

I ask for agent ID. If they refuse I tell them to contact client direct, and hang up.

The one that never fails to astound me is, having gone through checks and made it perfectly clear that I am agent, first question - “are you calling to make a payment?” Answers vary from “no” to “don’t be absurd”

Thanks (2)
avatar
By Yossarian
16th Apr 2024 14:55

Tell them there is lots of useful information on your website, and that you are a diverse team and abuse of any sort will not be tolerated. Then keep them on hold for two hours listening to terrible copyright-free music, finally say 'hello' but immediately slam the phone down. If that fails simply unplug your phone all summer..

Thanks (23)
Replying to Yossarian:
avatar
By Open all hours
17th Apr 2024 04:55

So many good ideas but surely there’s nowhere on earth that you would find them all in the same place at the same time? Oh, hang on…….

Thanks (1)
avatar
By Open all hours
17th Apr 2024 04:58

Never yet managed to get one of them through our security. Tell them to write and warn them that the speed of your reply may disturb their equilibrium.

Thanks (2)
John Hextall
By John Hextall
19th Apr 2024 09:54

You're not being picky, this is absolutely the correct response. It amazes me that all sorts of official bodies, including banks, can ring you up out of the blue and ask you to prove who you are by disclosing confidential information over the phone. It's exactly the sort of thing they all advise us not to do. When I say this to them, they usually say "you can ring this number and they will vouch for me". Yeah, right. They usually give in eventually.

Thanks (0)
avatar
By Anthony G Thorne
19th Apr 2024 09:56

I once had a call allegedly from HMRC and asking me to go through their security but said as phoning me they needed to go through my security the first question was who was the Chief Executive which they could not answer so I told them that they had failed my security and I was ending the call.

A couple days later the officer turned up at the office very indignant that I had terminated the call.

I also had a call from another officer of HMRC asking for a return call to a mobile so I wrote to Head Office to confirm that this was from one of their officers and whilst I was awaiting a reply he turned up on the doorstep and left a note as I was out still wanting to phone on his mobile.

We need a proper system to identify officers of HMRC as there is too much information out on the dark web obtained by impersonation.

Thanks (2)
avatar
By towat
19th Apr 2024 11:14

I never answer "security questions" from someone that has rung me, they have rung me, that should be proof enough of my identity.

When we ring HMRC we don't ask them to prove who they are.

Thanks (1)
avatar
By taxinfo
19th Apr 2024 11:38

We get this now and again. We always ask for their phone number so we can call them back. After carrying out our own checking first, of course.

If they won't - or can't - give a return number then they don't get what they want.

Thanks (0)
avatar
By Rgab1947
19th Apr 2024 17:24

I ask for an HMRC tel nos and say I will call them.

No complaints from them but they did warn I may get a different guy.

Mind you this was precovid.

I never release any info u till I have verified them. Never had an issue with them. The last one showed respect I wanted verification.

Thanks (0)
avatar
By Yossarian
20th Apr 2024 10:52

One tactic is to deliberately answer at least one of their security questions incorrectly. A genuine caller should realise immediately but a scammer won't.

Thanks (3)