HMRC updates their phishing guidance
In light of ever increasing phishing attempts, HMRC have updated their guidance around recognising genuine communications from them. These communications cover email, letter and telephone contacts made by HMRC to taxpayers.
Why might HMRC contact you?
There are a number of reasons why HMRC may wish to make contact, including a range of surveys and consultations. These include:
- Market research to improve a range of services. These are carried out through third parties, who will either write or telephone tax payers. They will NOT ask for personal information.
- Preparation for Brexit. This information may come as emails, by letter or telephone calls. They will NOT ask for personal information and are purely advisory.
- Compliance Check interview requests. These will be telephone calls, during which the HMRC staff member will send you an email confirming their identity. You can also call the relevant general enquiry helpline to check requests received. As a client, you can refer this call to us, under our Fee Protection Scheme.
- Information promoting the Personal Tax Account. These emails will be purely for information and will NOT request any personal details.
- Debt Management. If you’re behind with payments to HMRC, they may well send you automated messages, giving you details of how to pay and a helpline number to contact. They will NOT request any personal or financial information.
- VAT Emails. Email will be sent to business owners who’ve just registered for VAT, who are due to submit a return or who owe unpaid VAT. As above, these will NOT require personal or financial information.
HMRC emails will never:
- notify you of a tax rebate
- offer you a repayment
- ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account
- give a non HMRC personal email address to send a response to
- ask for financial information such as specific figures or tax computations, unless you’ve given us prior consent and you’ve formally accepted the risks
- have attachments, unless you’ve given prior consent and you’ve formally accepted the risks
These are important to note, as the phishing emails that continue to increase in number do most of the above!
Clues that an email may be bogus
There are various elements of the bogus communications that HMRC highlight as being warning signs. These include:
- Spelling mistakes and poor grammar.
- The email address of the sender of the email. Genuine email addresses from HMRC are structured as a sender’s name, followed by @hmrc.gov.uk.
- A short deadline, or a request for immediate response.
- Links to bogus websites that ask for private information, such as passwords, bank details or credit card numbers.
- Generic greetings, as they have no name to go with your email address. HMRC will always use the preferred name you’ve provided together with details of how to report phishing emails.
- Attachments. These often include a virus or trojan software.
Text messages from HMRC
Text messages are used increasing by HMRC and come with a similar number of warnings. HMRC also confirm that the messages will only direct the recipient to the GOV.UK website or ask them to contact HMRC by phone. These message will NOT include or request any sensitive information.
If you’re unsure of any communication from HMRC, our advice would be to be extremely sceptical.
- Do not click on any links or provide any information until you are comfortable that it is genuine.
- If you’d like to forward it to us to check, please do.
- If you’d like to ask our advice, please get in touch.
Similarly, if you receive a call that you are unsure of, please ask them to call us on 01768 330 400. We’re registered as agent for all of our clients, so HMRC should be happy to do so.
If you’d like to see more of the guidance from HMRC, including a list of the reasons why they may contact you, you can do so here: https://www.gov.uk/government/publications/genuine-hmrc-contact-and-recognising-phishing-emails/genuine-hmrc-contact-and-recognising-phishing-emails
We send regular updates that keep clients aware of changes and suggestions on a wide range of subjects; if you’d like to receive those too, just add your details below and we’ll do the rest! We promise not to bombard you and you can unsubscribe at any time.