I am frequently receiving communications from clients, that either ask “what’s this about?” or “is this genuine?
The surge in digital communication has brought with it a rise in fraudulent activities, including those pretending to be from Her Majesty’s Revenue and Customs (HMRC). Scammers are becoming increasingly sophisticated in their methods, making it crucial for individuals and businesses to be vigilant.
HMRC communicates with taxpayers through various channels, including letters, emails, phone calls, and text messages. Understanding the typical characteristics of genuine HMRC communications can help you spot the fakes.
HMRC typically contacts taxpayers via:
- Letters: Mailed to your registered address, often with official HMRC branding and reference numbers.
- Emails: Sent from email addresses ending in @hmrc.gov.uk. They do not request sensitive information via email.
- Phone Calls: Made to discuss specific issues, but HMRC will never ask for personal information directly over the phone.
- Text Messages: Used to provide updates or reminders, but they will not include links asking for personal information.
Common Signs of Fraudulent Communications
Fraudulent communications typically have certain telltale signs that can help you identify them. These include:
Urgency & threats – Scammers often use scare tactics to prompt immediate action. Phrases like “urgent action required,” “you owe tax,” or “your account will be closed” are red flags. HMRC will never threaten you with arrest, legal action, or financial penalties out of the blue.
Unsolicited requests for personal information – HMRC will never ask for sensitive personal information such as your bank details, National Insurance number, or passwords via email, text message, or phone call. If you receive such a request, it is likely a scam.
Suspicious email addresses and links – Check the sender’s email address carefully. Fraudulent emails often come from addresses that look similar to official HMRC addresses but may have subtle differences. Hover over links within the email without clicking – if the URL looks suspicious or unrelated to HMRC, do not click.
Poor grammar and spelling – Official HMRC communications are professional and free of grammatical errors. If you have a Welsh address, letters will be bi-lingual. Scammers often use automated translation services, resulting in poor grammar and spelling mistakes.
Unexpected attachments – HMRC will not send unsolicited attachments. If you receive an email with an unexpected attachment, delete it without opening.
Protecting Yourself from Fraudulent Communications
Verify the source – If you receive a suspicious communication, contact HMRC directly using the contact information from their official website. Never use contact details provided in the suspicious message. Alternatively call your accountant or tax advisor. They will be able to ascertain in most cases what your tax position is and whether this is somebody trying their luck.
Do not share personal information – Be cautious about sharing personal information, even if the request appears legitimate. HMRC will never ask for sensitive details via email, text, or phone call.
Report suspicious communications – Forward suspicious emails to phishing@hmrc.gov.uk and suspicious texts to 60599. Reporting these attempts helps HMRC take action against scammers.
Use security software – Ensure your devices have up-to-date security software to protect against malware and phishing attempts. Historically security software slowed down your device and people were reluctant to use it. In today’s world of very sophisticated scams and fraudulent activity, you cannot afford to not install this software. It is also less impactful on the speed of your device than it was historically. So if you have been put off in the past – give it another go. It could save you a lot of money and aggravation. This link will take you to HMRC’s own guidance on what to look out for
Stay informed – Regularly check HMRC’s official website for updates on current scams and advice on how to stay safe.
What to Do if You Fall Victim
Act quickly – If you believe you have fallen victim to a scam, act quickly. Contact your bank, the police, and HMRC to report the incident.
Change passwords – Change passwords for any affected accounts, and consider enabling two-factor authentication for added security. Don’t use the same password for different accounts. If another account you have is compromised then the fraudster will be able to access your Government Gateway. We recommend you use a Password Manager.
Monitor accounts – Keep a close eye on your bank and credit card statements for any unusual activity.
Fraudulent HMRC communications can have serious consequences, but by staying vigilant and informed, you can protect yourself. Remember to verify the source, avoid sharing personal information, and report suspicious messages. By following these guidelines, you can reduce the risk of falling victim to scams and keep your personal information safe.