What is phishing?
“Phishing” is an illegal attempt to “fish” for an individual’s private and sensitive data. It works by using false pretences to lure individuals into disclosing personal or financial information such as bank account details, credit card details, and passwords.
One of the most common phishing scams involves sending emails or SMS messages that fraudulently claim to be from a well-known entity, such as HMRC. These often link to fake (spoof) websites where information can be intercepted by fraudsters.
Electronic means of communication
HMRC never send notifications by email about tax repayments or refunds. Therefore, if an email is received along these lines the recipient should not:
- visit the website;
- open any attachments; or
- disclose any personal or payment information.
Fraudsters may spoof a legitimate email address or change the ‘display name’ to make an email appear authentic. If you are unsure whether an email is genuine, forward it to HMRC (phishing@hmrc.gov.uk) and delete it.
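One way a mail filter could check for the two tricks described above (a changed display name and a spoofed address), as an added example that is not from the original page or from HMRC. It assumes genuine HMRC mail uses hmrc.gov.uk and that mx.recipient.example is the recipient's own mail gateway; the finding names and sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: genuine mail uses hmrc.gov.uk (the domain of the
# reporting address above), and mx.recipient.example is our own mail gateway.
TRUSTED_DOMAIN = "hmrc.gov.uk"
OUR_AUTHSERV = "mx.recipient.example"
BRAND = re.compile(r"\b(hmrc|hm revenue)", re.IGNORECASE)

def domain_of(address):
    return address.rpartition("@")[2].lower().rstrip(".")

def is_trusted(domain):
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def dmarc_passed(msg):
    # Only trust results stamped by our own gateway; senders can forge this header.
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == OUR_AUTHSERV and re.search(r"\bdmarc=pass\b", results, re.I):
            return True
    return False

def assess(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    claims_hmrc = bool(BRAND.search(name)) or is_trusted(from_domain)
    findings = []
    if BRAND.search(name) and not is_trusted(from_domain):
        findings.append("display-name-mismatch")   # name says HMRC, address does not
    if is_trusted(from_domain) and not dmarc_passed(msg):
        findings.append("unauthenticated-sender")  # address says HMRC, DMARC did not pass
    if claims_hmrc and reply_domain and not is_trusted(reply_domain):
        findings.append("reply-to-diverges")       # replies would go somewhere else
    return findings

# Constructed sample messages (not real mail).
DISPLAY_NAME_SPOOF = ('From: "HMRC Tax Refunds" <refund@tax-rebate.example>\n'
    "Authentication-Results: mx.recipient.example; dmarc=pass header.from=tax-rebate.example\n\nbody\n")
ADDRESS_SPOOF = ("From: HMRC <noreply@hmrc.gov.uk>\nReply-To: claims@refund-desk.example\n"
    "Authentication-Results: mx.recipient.example; spf=fail; dmarc=fail header.from=hmrc.gov.uk\n\nbody\n")

if __name__ == "__main__":
    for sample in (DISPLAY_NAME_SPOOF, ADDRESS_SPOOF):
        print(assess(sample))
```

A passing DMARC result on the first sample does not clear it: the message authenticates for its own domain, which is why the display name has to be compared with the address separately.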
HMRC will never ask for personal or financial information when they send text messages. If you do receive a text message claiming to be from HMRC offering a tax refund in exchange for personal or financial details, do not open any links in the message. Send any phishing text messages to 60599 (network charges apply) or email phishing@hmrc.gov.uk, then delete them.
HMRC publish examples of phishing emails on their website.
Bogus phone calls
A more recent scam has emerged in the form of an automated phone call which tells the listener that HMRC are filing a lawsuit against them and instructs them to press one to speak to a caseworker to make a payment. This scam has been widely reported and often targets elderly and vulnerable people. Other scam calls may offer a tax refund and ask the listener to provide bank or credit card information.
Anyone who has been a victim of the scam and suffered financial loss should report it to Action Fraud (https://www.actionfraud.police.uk/).