HMRC continues to warn taxpayers to be aware of email phishing scams. Phishing emails are used by fraudsters to access recipients' valuable personal details, such as usernames and passwords. Fake email messages can appear to be genuine but clicking on a link from within the email can result in personal information being compromised and the possibility of computer viruses affecting your computer or smartphone.
Taxpayers need to look out for emails that are from a similar address to HMRC such as email@example.com. Fraudsters have also been known to falsify the 'from' address to look like a legitimate HMRC address for example @hmrc.gov.uk.
HMRC also publishes online guidance that confirm emails from HMRC will never:
- notify you of a tax rebate,
- offer you a repayment,
- ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account,
- give a non HMRC personal, response email address,
- ask for financial information such as specific figures or tax computations, unless you’ve given HMRC prior consent and you've formally accepted the risks,
- have attachments, unless you’ve given prior consent and you've formally accepted the risks,
- provide a link to a secure log in page or a form asking for information - HMRC will ask you to log on to your online account to check for information instead.
You should also be wary of any emails that require urgent action, contain links to bogus websites or use a common greeting. Genuine emails from HMRC will usually be addressed to you personally. If you are unsure as to the validity of any email or communication from HMRC it should not be opened until the sender can be verified.