HMRC has issued guidelines for businesses so they can spot when an email is really from HMRC, and when it’s not. HMRC is concerned that businesses may receive phishing emails claiming to be HMRC. These emails are fraudulent, and look to obtain the recipient’s personal or financial information such as passwords and credit card or bank account details.
HMRC’s guidelines set out how to tell if an email is fraudulent. They recommend that you look out for the following:
Incorrect “from” address – look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Although the guidelines point out that fraudsters can falsify the “from” address to look like a legitimate HMRC address.
Request for Personal Information – HMRC will never send notifications of a tax rebate via email; or ask you to disclose personal or payment information by email.
Urgent action required – fraudsters will ask you to act immediately. Be wary of emails containing phrases such as “ you only have 3 days to reply” or “urgent action required”.
Bogus websites – fraudsters often include links to webpages that look like the homepage of the HMRC website. This is to trick you into disclosing personal or confidential information. The page may look genuine, so be careful.
Common greeting – fraudsters will send bulk emails, and may include a generic greeting, such as “Dear Customer”
Attachments – be careful of attachments. If it is a bogus email the attachment may contain viruses designed to steal your personal information.
If you have received a phishing or bogus email claiming to be the HMRC, report it to the HMRC. Follow this link.