HM Revenue & Customs is warning UK taxpayers to remain alert for fraudulent tax rebate emails and SMS texts that are doing the rounds nationwide.
The messages sent to UK taxpayers promise tax refunds following the submission of self assessment Tax Returns for the 2017-18 financial year. Fraudsters hope to gain access to individuals’ personal tax accounts and subsequent personal details.
Many of the fraudulent emails and texts incorporate phishing links which transfer users to unsecure websites pretending to be HM Revenue & Customs (HMRC). Individuals are then asked to submit personal information on these fake web pages, allowing cyber-criminals to steal it.
Mel Stride MP, Financial Secretary to the Treasury, said: “HMRC only informs you about tax refunds through the post or through your pay via your employer.
“All emails, text messages or voicemail messages saying you have a tax refund are a scam.
“Do not click on any links in these messages and forward them to HMRC’s phishing email address and phone number.
“We know that criminals will try and use events like the end of the financial year, the self-assessment deadline and the issuing of tax refunds to target the public and attempt to get them to reveal their personal data. It is important to be alert to the danger.”
In March 2018, some 2,672 phishing websites purporting to be HMRC were taken down thanks to 84,549 phishing reports received by UK taxpayers.
These phishing attacks are expected to continue throughout the summer as HMRC prepares to distribute any genuine tax rebates between June and October. The official rebates will include a tax calculation letter, either a P800 or a Simple Assessment letter, documenting the amount owed back to the taxpayer once income tax had been calculated for the 6th April 2017 to 5th April 2018 period.
3 simple steps to guard against phishing attacks
HMRC has advised customers to adopt the following three steps to protect themselves against the threat of online fraud:
Be aware of the signs
High street banks and HMRC will never contact you asking for your logins, PINs, passwords or bank details. HMRC published a handy guide to help you to spot genuine HMRC communications.
Stay vigilant online
Never disclose your personal data, respond to SMS texts, download email attachments or click on links in emails you weren’t anticipating.
If you suspect you’ve been involved in a phishing attack from someone claiming to be HMRC, email firstname.lastname@example.org, text 60599 or call Action Fraud immediately on 0300 123 2040. Action Fraud also has an online tool to report suspected online fraud.