An Organisation for all
Accountants in Practice

Phishing emails and bogus contacts

By HMRC

If you think you may have received a HM Revenue and Customs (HMRC) related phishing/bogus email, you can check it against the examples shown in this guide.

It will assist our investigations if you report all 'HMRC related' phishing emails to HMRC. Even if you receive the same/similar phishing email on multiple occasions, please forward it to phishing@hmrc.gsi.gov.uk and then delete it. Do not open any attachments or click on any links within the email, as they may contain malicious software.

Email scam  addresses

Tax rebate / tax refund

HMRC will never send notifications of a tax rebate/refund by email, or ask you to disclose personal or payment information by email.

Do not visit the website contained within the email or disclose any personal or payment information. A selection of scam email addresses used to distribute the tax rebate emails can be seen below:

  • reve.alert@hmrc.gov.uk
  • services@hmrc.co.uk
  • noreply@hmrevenue.com
  • service@hmrc.gov.uk
  • service.refund@hmrc.gov
  • secure@hmrc.co.uk
  • hmrc@gov.uk
  • taxes@hmrc.co.uk
  • taxrefund-notice@hmrc.gov.uk
  • taxrefund@hmrc.gov.uk
  • refund-help@hmrc.gov.uk
  • service@online.com
  • email@hmrc.gov.uk
  • refund.alert@hmrc.gov.uk
  • refunds@hmrc.gov.uk
  • srvcs@hmrc.gov.uk
  • alertsonline@hmrc.co.uk
  • info@hmrc.gov.uk
  • rebate@hmrc.gov.uk

HMRC does not use any of the above email addresses.

Phishing examples

An example of a HMRC related phishing email / phishing website designed to trick people into disclosing personal information can be seen below:-

Example 1

Example 2

Recent Phishing email Scams

‘Your tax return was incorrectly filled out’  – email scam

HMRC is aware of a bogus email being circulated advising customers they have made mistakes while completing  the last tax form

application (ID: XXXXXXXXXXX.)’ The email contains a link which should not be clicked as it may direct you to a phishing site or contain malware. Do not respond to this email. Forward it to phishing@hmrc.gsi.gov.uk then delete it.

Example 3

Individuals - Tax information  newsletter, Issue: 2014/September

HMRC is aware of a bogus email being circulated requesting customers to verify their identity. It asks customers to provide photographic copies of their passport, NI card, utility bill and bank statement. Do not respond to this email. Forward it to phishing@hmrc.gsi.gov.uk then delete it.

Example 4

HMRC is aware of a bogus email being circulated advising customers their tax notices have been issued. The email includes an attachment which should not be opened as it contains a virus.

Do not respond to the email and delete it immediately.

Example 5

HMRC Employer Alerts and Registrations

HMRC is aware that a bogus version of the 'Employer Alerts & Registrations' email is currently being circulated. The email advises customers that their registration details have been recorded for email alert purposes only. The fraudulent version of the email encourages customers to open an attached zip file and to complete all the relevant sections.

The attached zip file contains a virus and should not be opened. The genuine version does not contain a zip file.

Example 6

Important  information  for employers  - Employer Bulletin Issue 46

HMRC is aware of a bogus email being circulated advising customers that  the latest version of the Employer Bulletin (Issue 46 ) has just been published. The email contains a separate zip file attachment which should not be opened as this contains a virus.

The genuine Employer Bulletin 46 was issued from 17 February and does not contain a zip file attachment.

Example 7

Could not process Online Submission for Reference ***/EG123456

HMRC is aware of a bogus email being circulated advising customers that HMRC has not been able to process their Full Payment Submission. The email includes an attachment which should not be opened as it contains a virus. Do not respond to the email and delete it immediately.

Example 8

VAT - successful receipt of online submission

HMRC is aware of a bogus email being circulated thanking customers for sending a VAT Return online. The email includes an attachment which should not be opened as it contains a virus.

Do not respond to the email and delete it immediately

Example 9

Refund companies

HMRC is aware of companies who issue emails advertising their services. They offer to apply to HMRC for a rebate of National Insurance/tax on the customer's behalf, usually for a fee. These companies are not connected with HMRC in any way.

Historical  phishing emails

The following are descriptions of phishing emails already reported by customers to HMRC:  PayPal

Emails advising customers to download an attachment to request a tax refund via PayPal. Do not download the attachment.

Example 10

Security checks

Emails sent to customers from secure@hmrc.gov.ukclaiming that HMRC is carrying out additional security checks and requesting confirmation of bank details. Do not click on any of the links contained in the email.

Export Clearance Process (Delivery Stop Order)

Emails claim that goods have been withheld by customs and require a payment before release.

Requests made to customers for payment or personal  information

HMRC is aware that  customers  have received emails requesting personal details  or payment in exchange for:

Example 11

  •  lottery winnings
  •  seized goods/packages (held by Customs and Excise)
  •  certificates/bonds
  •  inheritance payments

HMRC will never request payment or personal details by email.

If you receive any of these mails please forward them to phishing@hmrc.gsi.gov.uk and then delete them.

Note: fraudsters sometimes sign off such scams using the name of a genuine member of HMRC to try and make the scam appear more genuine. If you're in any doubt, please forward the email to HMRC for verification.

Example 12

Compensation Claim

The scam leads customers to believe that they may have been the victim of fraud and requests personal details on the pretext that compensation will be paid.

Example 13

Letter Scams

Publication of companies and VAT registration numbers in the UKWhilst this is not a phishing scam HMRC is aware of a letter which is being issued to customers which leads them to believe that they are required to provide details of their VAT registration number.This company is not connected to HMRC and you are under no obligation to reply to the letter.

Bogus callers

HMRC is aware that some customers have received telephone calls or home visits from people claiming to be from HMRC. They are encouraged to provide their bank account details in exchange for tax advice enabling them to make a payment or obtain a refund of tax. A fee is charged for this service.

If you cannot verify the identity of the caller we recommend that you report it to the police immediately.

SMS text  messages

HMRC may occasionally issue SMS messages, however these messages will never request personal or banking information. If you receive an SMS message claiming to be from HMRC and offering a tax refund in exchange for personal/banking details you should not respond. It would assist our investigations if you could forward the SMS via email to phishing@hmrc.gsi.gov.uk before deleting it.

Do not open any links contained within the SMS. An example of a phishing SMS message can be seen below.

Example 14

Request  to complete NRL1 forms  and return  by  Fax

Lettings agents and landlords living abroad are being targeted by a series of scams. These request completion of a form NRL1 (by email, letter or fax) and ask for a considerable amount of personal information.

These forms (which may be headed 'Application for Withholding Certificate for Dispositions by Foreign Persons of UK Real Property Interests' or 'Application for a tax-free account and to receive rental income without deduction of tax for Non- UK Residents') are not issued by HMRC and should not be completed.

HMRC will never ask you to disclose personal information by email or fax.

Published June 2015