Return of the phantom filers

Share this content

Reports are coming through of a return of the highly lucrative bogus tax refund scam.

The ICAEW Tax Faculty reported this week that some of its members had seen a recurrence of scammers using purloined agent login details and passwords to submit self assessment returns with relatively low income levels and claiming refunds just under £3,000.

While self assessment season this year ran reasonably smoothly for many AccountingWEB members, there were multiple reports of increasingly sophisticated phishing attempts during the past three months...

Please Login or Register to read the full article

The full article is available to registered members only. To read the rest of this article you’ll need to login or register. Registration is FREE and allows you to view all content, ask questions, comment and much more.

About John Stokdyk

John Stokdyk is the global editor of AccountingWEB UK and


Please login or register to join the discussion.

06th Feb 2014 13:05

Not correct

The link to emails and alerts takes you to the HMRC Genuine HMRC Contacts page on which it states that Educational emails "will appear in your address bar as [email protected]".

So why have I and presumably many other agents received an e-mail today from [email protected], which is clearly an educational email with the tortuous subject "RTI-Making final submissions for the 2013-14 tax year [87] [Protective Marking: UNCLASSIFIED]"?  The main clue that it is not spam is that the attachment is a .doc, rather than a .zip, file with the zappy name "140205 - At a Glance V1 0 (4).doc.

Thanks (3)
07th Feb 2014 12:08

Re: Not correct

All the viruses I get that claim to come from HMRC also have "[email protected]" in the address bar.  I had about 20 of them yesterday.  The virus scanner had deleted the virus and replaced it with a note inside the .zip file saying it had been removed.

The problem is that HMRC have not published an "SPF record" for the domain, so spam filters have no way of knowing whether the email came from a genuine HMRC email server or not.  That is something they should do as a matter of urgency.  It will take them about half an hour to change the DNS record if they have to read up how to do it, or a few seconds if they know what they are doing.

Thanks (0)
07th Feb 2014 13:24


jonbryce wrote:

or a few seconds if they know what they are doing.

I suspect they have a myriad of smtp servers. Producing and then maintaining the list would be challenge enough and then there would be the 256 character limit on SPF records and the 10 dns lookups.

Yes, they should rationalise all their various email systems but that would be time consuming and costly and therefore unlikely in times of austerity.

Also, realistically, how effective is it ? has an SPF record - so scammers just use domain that is similar enough to fool the unwary.

Thanks (0)
06th Feb 2014 13:05

Missing authorisation code

I have had an HMRC agent authorisation code go missing - I wonder whether it's been intercepted by someone incorrectly identifying it as potentially a login/password reminder in advance of self-assessment?

Of course my client might just have lost it/not opened it/fed it to the dog...

Thanks (0)
06th Feb 2014 13:23

Wrong address?

CatherineR5 wrote:

Of course my client might just have lost it/not opened it/fed it to the dog...

... or not informed HMRC of his change of address.

Thanks (0)
06th Feb 2014 14:42


Client has not moved. And I've checked that.

Thanks (0)
06th Feb 2014 13:34

Sorry to hijack this thread but we have just received the email referred to by Euan.  However it leaves two questions unanswered:-


1)  it states that you should "just answer a few extra questions" when you make your final submission.  It suggests that the final submission will be the final FPS and makes no mention of an EPS.  But what if you do an EPS (to show CIS Deductions) after the final FPS.  Which is the final submission, the FPS or the EPS?


2)  as the questions have to be answered when the final submission is made "you may wish to make sure you have the answers to the questions ready in time".  What are the questions??  Are they exactly the same as the questions on last year's P35 or have there been any changes?


Also, the link to HMRC's website "for further guidance on your PAYE final submission and end of year tasks" appears to be broken!


Any useful thoughts / comments?

Thanks (0)
06th Feb 2014 13:51

Employers Employers Annual Return

Below is text of e-mail received earlier suppose to be  from HMRC.......clearly this is a SCAM and those Accounts who receive them should NOT attempt to open & respond to this.


I am forwarding the same to HMRC for their action.



Subhash Sampat

PINNER Middlesex



Employer Annual Return

Employers must file their Employer Annual Return (P35 and P14s) for 2013-14 online to reach us by 29 February 2014. We strongly recommend that you file your return online, as soon as it is ready.
Don’t forget, Extra Statutory Concession B46 came to an end in 2011 so the period of grace no longer applies. To avoid penalties, file your Employer Annual Return (P35 and P14s) online and file as soon as you can before 19 May 2013.

Please complete all relevant sections of the attached application form and attach the appropriate documents.

Reply to this email as this mailbox is monitored for incoming mail.

Thanks (1)
06th Feb 2014 14:27

FAO The Tax Factory...

The final submission can be either a FPS or an EPS, depending on your circumstances, so if you do need to complete an EPS after the final FPS of the year then you should include the answers to the end of year declarations in that submission.

The declarations are essentially the same as the old P35 declarations:



Sage (UK) Ltd.

Thanks (1)
06th Feb 2014 14:37

Unimpressed with Learning Together effort

Thanks @Euan and @The Tax Factory for sharing your latest missive. It seems to show one part of HMRC not really being up to speed with what's happening elsewhere.

It's apparent that the security boffins have put considerable time and energy into educating the marketplace about best practices - yet the same message hasn't reached their own colleagues. Including any kind of attachment in such a message goes against all the "never open any suspect attachment" advice people have been giving out for years - is it really that difficult to cut and paste the contents into the email message?

Tax Factory, you might get a better response to your EPS queries on the Any Answers page, where I suspect other members may share some of your frustrations. 

Thanks too @Subhash for sharing the Employer Annual Return phishing message - that hasn't made it to HMRC's list of examples yet, but as you point out, it's not one of the scammers' more sophisticated efforts. Thanks to RTI, end of year returns are a thing of the past and I'm partcularly perplexed about the 29 Feb 2014 deadline.

I can forgive the crooks for not being up to speed with HMRC procedures, but surely they know when leap years are supposed to happen?

Thanks (1)
06th Feb 2014 16:02


I have had 3 e mails today. One stating Year End 2013-14 File by 29 February,with a comment about 19 may 2013. Obviously a SCAM.

The 2 the same which appear genuine from HMRC about filing by 20 April if no payments made in March 2014.


No wonder we are all getting mystified.


I take the view that "Refunds" are usually a SCam.

VAT could be a dodgy one, so I read thenbin if it looks wrong.

Hope this helps.

Perhaps HMRC should use a specific coding aligned to peoples UTR or Companies REg no or Reg Vat No. It would help us ensure it was a genuine E mail.

Richard P

Thanks (0)
07th Feb 2014 10:28

It is a numbers game

Winter Soltice wrote:

Unless I am actually expecting an email, such as confirmation of a return I filed 30 seconds ago....

Millions are sent hoping one will land in your inbox just after you have filed a return, bought something on paypal or are expecting a delivery etc.

A mandatory charge of 0.1p per email would sort a lot of scam and junk.


Thanks (0)
07th Feb 2014 08:23

Let's be careful out there.

The real giveaway is them signing the email Sunglassses Ron & Paddy the Greek.

Thanks (2)
07th Feb 2014 17:28

concerted government action is reuired

to stop these spammers , thieves and data  corrupters , put GCHQ to something that will benefit everybody

Thanks (1)