HMRC phishing email warning

10 Apr 2018

The Revenue is once again warning of a phishing email campaign claiming to be from HMRC. The email, entitled ‘Accelerated payment notice’, looks like it has come from HMRC, but actually it’s come from a look-a-like domain noreply@hmrc-email.co.uk or noreply@hmrc-notice.co.uk.

The email, which should be reported and deleted immediately, reads as follows:

Accelerated payment notice

Date 06 April 2018
Our ref #19060418

This accelerated payment notice is for Income Tax (PAYE) and relates to the scheme shown in the attached document.

For the tax year ended April 5 2014
Amount due in respect of this notice:

£46,212.35

About this notice
Where this notice refers to 'you' as the business that must pay Income Tax and/or National Insurance contributions to HMRC using the PAYE system.

See screenshot for a visual of the phishing email.

The ICPA, an Organisation for all Accountants in Practice, has kindly provided the following information to help you determine if an email is fraudulent:

As well as spelling mistakes and poor grammar, there are a number of things you can look out for to help you recognise a phishing/bogus email.

1. Incorrect ‘From’ address
Look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Fraudsters often have email accounts with HMRC or revenue names in them (such as ‘refunds@hmrc.org.uk’). These email addresses are used to mislead you.

However be aware, fraudsters can falsify (spoof) the ‘from’ address to look like a legitimate HMRC address (for example ‘@hmrc.gov.uk’).

Examples of phishing and bogus emails

2. Personal information
HMRC will never:
• send notifications of a tax rebate by email
• ask you to disclose personal or payment information by email

3. Urgent action required
Fraudsters want you to act immediately. Be wary of emails containing phrases like ‘you only have 3 days to reply’ or ‘urgent action required’.

4. Bogus websites
Fraudsters often include links to webpages that look like the homepage of the HMRC website. This is to trick you into disclosing personal/confidential information. Just because the page may look genuine, does not mean it is. Bogus webpages often contain links to banks/building societies, or display fields and boxes requesting your personal information such as passwords, credit card or bank account details.
You should be aware that fraudsters sometimes include genuine links to HMRC web pages in their emails, this is to try and make their emails appear genuine.

5. Common greeting
Fraudsters often send high volumes of phishing emails in one go so even though they may have your email address, they seldom have your name. Be cautious of emails sent with a generic greeting such as ‘Dear Customer’.

6. Attachments
Be cautious of attachments as these could contain viruses designed to steal your personal information.

If you have received a phishing email related to HMRC, or you’re not sure if it’s genuine, you can click on the link for guidance about how to report internet scams and phishing to HMRC.

If you have any concerns regarding your tax return or other related matters, our experts at Beavis Morgan are available to assist. We take the hassle of dealing with HMRC away from you, so you don’t need to deal directly with them. We are also able to advise on all aspects of tax whether compliance or planning.

Contact Paul Attridge or your usual Beavis Morgan Partner for further information and assistance.