‘HMRC’ tax refund fraud: beware of phishing emails
Fake ‘HMRC’ tax refund emails are once again flooding inboxes. We’ll show you how to spot a fake tax rebate email.
According to Wikipedia, “Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication“.
And the time when bogus emails were poorly designed and easily spotted is coming to an end. In a tax rebate scam spotted by our Senior Accountant in early March 2018, not only the letter attached is almost free of the common silly mistakes, but a website created as an almost perfect copy of the HMRC is jaw dropping.
After seeing many different scam and bogus emails it is safe to say that this is one of the closest to perfection scams – and proportionally dangerous. Let’s break it down so you can learn how to spot fake communication in the future.
The email is written to convince you that it is private, confidential and secure. Even though the Symantec sign is explained to be from an anti virus, it is more of a visual impact to give the feeling of trust in the source. However, spelling mistakes leave room for questions and, looking closely, what is really suspicious is the sender address – nowhere near from the HMRC official domain:
So far nothing impressive. That’s until you open the letter attached to the email:
With the HM Revenue & Customs logo, date and the Crown, it becomes very convincing that the communication is from an official and trusted source.
The instructions point to a supposedly HMRC website in which you “need to create a Government Gateway account”. That is the trap to get credit card details.
When you get to the website things get impressively similar to the original, especially for those who don’t need to access HMRC website on a regular basis. Once again, the domain on the website is the confirmation that this has nothing to do with the official Government portal.
With a quick search on google you can find dozens of different attempts like this one. If you’re unsure of whether or not you can trust any email, here are some tips that can save you a lot of trouble:
- Check the sender email
Usually emails from the HMRC should come from an email like email@example.com, firstname.lastname@example.org or email@example.com. Anything too long, full of letters and numbers is normally wrong.
- Don’t give your personal information or credit card details online unless you are certain it is a trusted website.
- Seek for help
In case you receive any suspicious emails, make sure you send it to firstname.lastname@example.org before deleting it. It will help the HMRC to investigate and tackle such crimes.
In case you are unsure about what you received, feel free to speak with one of our accountants and we’ll be happy to help.
Fraudsters trying to get your money claiming they’re from HMRC is nothing new, so we have this other post about itwith other examples.
Share this article so others around you will know what to do, too.