Several Taxfile customers have recently told us that they’ve been receiving emails, supposedly from HMRC, inviting them to click links within the emails in order to apply for tax refunds. Regrettably, some have confirmed that they did indeed click the links and then log onto fake HMRC websites, which looked entirely genuine to them, thereby giving away sensitive information such as their bank details and their mother’s maiden name. Handing over such information to fraudsters would be an expensive mistake. In view of this, we thought we’d give our readers more information on what to look out for, what to expect to receive from HMRC, and what not to.
Firstly: How to Recognise a Scam Email
Here is an example of a real phishing (scam) email recently received by one of our customers. We’ve highlighted various areas of the email to indicate some of the telltale signs that the email is, indeed, a phishing attempt by fraudsters rather than a genuine communication from HMRC.
Some of the many telltale signs that this email is fake include:
- The sender is from a non-official domain (hmrcupdate.com is *not* a genuine HMRC website). Be careful, though, because some of the more advanced phishing emails do include genuine HMRC domains through what’s known as domain ‘spoofing’.
- The recipient is not identified by name in either the ‘To’ field or the salutation (‘Dear Sir | Madam’ is a dead giveaway, as is the fact that the email was sent to ‘undisclosed recipients’!). Genuine HMRC emails will always address you by the name you provided them.
- Phishing emails often include silly errors that simply would not be published by the likes of HMRC. Under the logo, the date is wrong — it does not even mention a month!
- The email states that you ‘are due some refunds’ (plural). If HMRC did send emails announcing that a refund was available (and it doesn’t) then it would be singular, not plural! This is one of many hints that the sender has poor English (read on).
- ‘Press here’ is another example of poor English. Of course, in the UK, we’d say ‘Click here’.
- ‘Povide us’ is clearly misspelt: there should be an ‘r’ in ‘Provide’. Spelling errors are a common indication that the email is non-genuine and has instead come from overseas where English spelling and grammar are often not as accurate as they should be.
- Further down it says ‘for refund’ whereas it should say ‘for the refund’. Poor English/grammar again and another hint that this is a scam.
- When you hover over the link included in the email (*without* clicking it), if your email application’s “status bar” is showing at the bottom of the screen, you can see where the link is pointing to. In this case it’s pointing to a goo.gl domain and this simply wouldn’t be the case if this was a genuine HMRC email.
- Lastly, the email states that you have only 5 days to action the request. That is yet another telltale sign that this is a phishing scam. Fraudsters try to panic you into acting whereas HMRC would not make such a statement in a genuine email.
So you can see, when you look very carefully, that this is clearly a scam email. However, we should warn readers that other phishing emails are not so obvious. In fact, we’ve seen some real improvements in scam emails in recent months. One recent email was so genuine-looking that we’re not even 100% sure ourselves whether it’s a scam or not.
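For readers who filter mail for others, the signs listed above can be checked automatically. The following is an added example, not part of the original article: the sample message is constructed, and the gov.uk suffix rule, the extra shortener names and the comparison of a link's visible text with its real destination (a generalisation of the hover check) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL_SUFFIX = "gov.uk"  # assumption: genuine HMRC mail and links sit under gov.uk
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com"}  # goo.gl is from the article; the rest are assumed

# Constructed sample modelled on the signs listed above (not the customer's actual email).
SAMPLE = """\
From: HMRC <refunds@hmrcupdate.com>
To: undisclosed-recipients:;
Subject: Tax refund notification
Content-Type: text/html

<p>Dear Sir | Madam,</p>
<p>You are due some refunds. Press here:
<a href="https://goo.gl/EXAMPLE">https://www.gov.uk/tax-refund</a></p>
<p>You have only 5 days to action this request.</p>
"""

def is_official(host):
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)

def phishing_signs(raw):
    """Return a list of warning codes found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # sample is single-part; multipart mail needs walking
    signs = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_official(sender_domain):
        signs.append("sender-domain")
    if "undisclosed" in msg.get("To", "").lower():
        signs.append("undisclosed-recipients")
    if re.search(r"dear\s+(sir|madam|customer)", body, re.I):
        signs.append("generic-salutation")
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = urlparse(href).hostname
        if host in SHORTENERS:
            signs.append("shortened-link")
        elif not is_official(host):
            signs.append("unofficial-link")
        shown = urlparse(text.strip()).hostname  # set only when the visible text is itself a URL
        if shown and shown != host:
            signs.append("link-text-mismatch")
    if re.search(r"\bonly\s+\d+\s+days?\b", body, re.I):
        signs.append("urgency")
    return signs
```

An empty result does not prove an email is genuine: as noted in the list above, sender domains can be spoofed, and better-written scams avoid the obvious wording.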
So what do you do if you are still not sure if an email is genuine?
If, after close scrutiny, you are still not sure whether the email is genuine, there are several things you can do …