Huge surge in HMRC scam emails

26th Jul 2009

July has seen a massive surge in the number of scam emails claiming to be from HMRC. The emails all promise a tax refund and ask the reader to click through to a website and enter bank and/or credit card details so that the repayment can be made. Some request the three-digit security code from the reverse of credit cards, and also mother’s maiden name, which would provide fraudsters with more marketable information.

This is a fairly standard phishing approach, in which account details are collated, then both used fraudulently and subsequently offered for sale.

Some of the emails are remarkably authentic, with email addresses including the trailer, making them appear more plausible. However, for the tax expert there are a few clues. First, the emails almost always start with the words “following a review of your fiscal activity”. Those experienced in UK tax know that this terminology would never be used by HMRC.

Secondly, the colour used as the background to the white HMRC logo is not quite accurate. On the email I received it was slightly too blue/green and looked obviously incorrect to me. Still, as the recipient of very many phishing emails, it did rank quite highly in authenticity.

It would be wise to warn clients that a very high level of activity is being reported at the moment. It is also worth noting that during July alone, HMRC has closed down scam networks in Korea, Thailand, the UK and USA. Those wishing to report a phishing email should contact [email protected], delete the email and not click through to the website as requested. There is more information in the HMRC press release.



Replies (1)


By mikewhit
04th Aug 2009 12:02

Take down?
I always forward phishing emails to (and then click the 'report spam' buttons) in the hope that a) the phishing site b) the spam server c) the email destination get taken down.

But a web-developer colleague says that this is a vain hope since the WHOIS info is often bogus.

One can hope though ...
