Phishing e-mail warning from HMRC

HMRC has published guidance to help taxpayers distinguish between genuine correspondence from HMRC and fraudulent “phishing” e-mails sent by online scammers.  It features an up to date list of communication methods that HMRC uses, along with a list of warning signs and details of what to do with any suspicious messages.  According to the guidance there are six key “tells” that indicate an e-mail is fraudulent:

  1. an incorrect “from” address;
  2. the use of a common greeting such as “dear sir” or “dear madam”;
  3. requests for personal information;
  4. a request for urgent action, such as “reply within three days”;
  5. links to bogus websites;
  6. the presence of one or more attachments.

E-mail addresses that are frequently used by scammers to trick recipients into believing an e-mail is genuine include refund-help@hmrc.gov.uk, email@hmrc.gov.uk adn refunds@hmrc.gov.uk.  Suspicious e-mails should be forwarded to HMRC via phising@hmrc.gsi.gov.uk and if you think you might have given any personal information to scammers contact HMRC via security.custcon@hmrc.gsi.gov.uk, providing a description of the details disclosed, but not the actual details.

The guidance is can be found at http://bit.ly/1zS4WZh