Posts

Watch out for scam emails, texts & calls

Watch Out – Fraudsters Are About!

Watch out for scam emails, texts & calls

Have you noticed a significant increase in the number of scam calls, phishing emails and dodgy texts to your mobile in recent weeks? We certainly have. Some of Taxfile’s customers have been asking if any are genuine, so we thought we’d send out this warning

If you receive a call, email or text from HMRC asking for your personal or financial details, it’s simple: DO NOT to give ANY information away via text, email or to someone calling you by telephone. They could be anyone! Your information will be used against you if it gets into the wrong hands — and that could potentially cost you a LOT of money. So if they call, text or email you out of the blue:

  • don’t confirm your date of birth,
  • don’t confirm your National Insurance Number,
  • don’t tell them your your mother’s Maiden name,
  • don’t confirm your Unique Taxpayer Reference (‘UTR’) or any other piece of personal or financial information,
  • … even if they say it’s urgent (most fraudsters will say it is, so as to panic you into divulging your information).

Even one bit of data given away can be dangerous these days. ‘Social Engineering’ scams can use one bit of information as a starting point to eventually build a more complete picture of your sensitive data. Once they have enough pieces of the jigsaw, they can potentially take over your identity, empty your bank account or go on a spending spree with a credit or debit card issued in your name. People have lost thousands! So, the message is to be careful not to give anything away via email, SMS/text or to someone who has telephoned you out of the blue.

If HMRC do send you a genuine email, text your mobile or call you, they will never ask for personal information, financial information or payment details. It may help you to check here to see a list of genuine communications that HMRC has recently sent.

If you’re going to give HMRC information and want to be sure it’s genuine, you need to Read more

Email phishing scam or genuine HMRC communication?

Received an HMRC Tax Refund Email? It’s probably a Phishing Scam!

Email phishing scam or genuine HMRC communication?Several Taxfile customers have recently told us that they’ve been receiving emails, supposedly from HMRC, inviting them to click links within the emails in order to apply for tax refunds. Regrettably, some have confirmed that they did indeed click the links then log onto fake HMRC websites, which looked every bit real to them, thereby giving away such sensitive information as their bank details and things like their mother’s maiden name. Handing over such sensitive information to fraudsters would be an expensive mistake. In view of this, we thought we’d give our readers more information on what to look out for, what to expect to receive from HMRC, and what not to.

Firstly: How to Recognise a Scam Email

Here is an example of a real phishing (scam) email recently received by one of our customers. We’ve highlighted various areas of the email to indicate some of the telltale signs that the email is, indeed, a phishing attempt by fraudsters rather than a genuine communication from HMRC.

Example of a phishing email

Some of the many telltale signs that this email is fake include:

  • The sender is from a non-official domain (hmrcupdate.com is *not* a genuine HMRC website). Be careful, though, because some of the more advanced phishing emails do include genuine HMRC domains through what’s known as domain ‘spoofing’.
  • The recipient is not identified by name in either the ‘To’ field nor in the salutation (‘Dear Sir | Madam’ is a dead giveaway, as is the fact that the email was sent to ‘undisclosed recipients‘!). Genuine HMRC emails will always address you by the name you provided them.
  • Phishing emails often include silly errors that simply would not be published by the likes of HMRC. Under the logo, the date is wrong — it does not even mention a month!
  • The email states that you ‘are due some refunds‘ (plural). If HMRC did send emails announcing that a refund was available (and it doesn’t) then it would be singular, not plural! This is one of many hints that the sender has poor English (read on).
  • Press here‘ is another example of poor English. Of course, in the UK, we’d say ‘Click here’.
  • Povide us‘ is clearly spelt wrong — there should be an ‘r’ in ‘Provide’. Spelling errors are a common indication that the email is non-genuine and has instead come from overseas where English spelling and grammar are often not as accurate as they should be.
  • Further down it says ‘for refund‘ whereas it should say ‘for the refund’. Poor English/grammar again and another hint that this is a scam.
  • When you hover over the link included in the email (*without* clicking it), if your email application’s “status bar” is showing at the bottom of the screen, you can see where the link is pointing to. In this case it’s pointing to a goo.gl domain and this simply wouldn’t be the case if this was a genuine HMRC email.
  • Lastly, the email states that you have only 5 days to action the request. That is yet another telltale sign that this is a phishing scam. Fraudsters try to panic you into acting whereas HMRC would not make such a statement in a genuine email.

So you can see, when you look very carefully, that this is clearly a scam email. However, we should warn readers that other phishing emails are not so obvious. In fact, we’ve seen some real improvements in scam emails in recent months. One recent email was so genuine-looking that we’re not even 100% sure ourselves whether it’s a scam or not.

So what do you do if you are still not sure if an email is genuine?

If, after close scrutiny, you are still not sure whether the email is genuine, there are several things you can do … Read more

Email Scam Warning in run-up to HMRC Tax Credits Deadline

Phishing scamsHMRC have sent out warnings over a significant threat from new ‘phishing’ emails purporting to be from them. They are, in fact, scam emails which include links to replicas of the HMRC site and are designed to trick people into disclosing security-sensitive financial and personal information such as bank details, National Insurance numbers, credit card details, passwords, mother’s maiden names and so on. In the wrong hands these details could mean theft of your money or even your identity. Many people do not realise they have been scammed until it’s too late so taxpayers need to stay alert when checking emails and browsing online.

HMRC state that they never ask for payment and personal information by email and also warned people to be very wary of opening email attachments as many contain malicious code of one form or another. This is especially difficult because some of the fraudulent emails look very genuine, even appearing on casual inspection to come from an email address like taxreturns@hmrc.gov.uk and containing promises of tax refunds or Read more