The scam email from my inbox
One morning recently, I opened my inbox to a piece of good news. Apparently, I'd paid too much tax over the last couple of years, and so HMRC wanted to give me a refund.
Well, according to the email's subject line, actually they were going to send me a 'refound'. But that's a mistake anyone can make, right?
HMRC email scams are on the rise
As you've probably guessed, this email was a poor attempt to scam me. It's a classic piece of phishing, where scammers send out official-looking messages to thousands (or millions) of email addresses in the hope that a few people will click a link in the email.
Different scams operate in different ways, but typically the criminals either want you to provide sensitive information like your bank details, or are trying to infect your computer with malware via a dodgy website.
Fake HMRC emails do tend to peak each year around the self-assessment deadline in January, but this year it seems there's been a significant rise. As the messages are continuing to flow, it's wise to stay on your guard.
How to spot an HRMC scam
Many of these HMRC phishing attempts are laughable, with ridiculous typos like 'refound'. A good spam filter or security software that checks your email should filter out most of them.
However, a few scam messages will always find their way into your inbox. And it's these you need to be careful of. Anyone can be fooled if they open a fake email at the wrong moment — like while they're very busy or distracted.
There's a lot of good guidance on HMRC's own website about how to spot scams and what to do. But here are some of the most important points to remember:
- Scam messages can cover all sorts of topics, from payroll returns to messages promising rebates and refunds.
- Be wary of messages that contain misspellings, typos and images that don't load properly.
- Often, phishing emails have a sense of urgency, asking you to act immediately or face serious consequences.
- HMRC never sends information about tax rebates by email. Nor does it request personal or payment details by email.
- Be careful of attachments, especially .zip files. These could well infect your computer when you open them.
- Don't click links in an email if you have any doubts. It's best to navigate directly to the HMRC website or give them a quick call, instead.
Finally, before you follow a link in an email from HMRC, or reply to the message, take a moment to think. Is there anything strange about the message? Does it ring true?
It's always better to be overcautious when faced with a dubious message. If you're in any doubt at all as to its origins, just delete it.
- Can you spot the phishing website?
- Watch out for spear phishing
- Three ways to stay safe from the phisher-men