With the annual deadline for filing paper self-assessment returns on 31 October, criminals are increasing the number of fake phishing emails they send out.
These appear to come from HM Revenue & Customs, and normally tell the recipient they are due a rebate which they have to provide personal information – such as bank account and national insurance numbers – to claim.
This information can then be used for a variety of criminal purposes, for example to syphon cash out of the bank account, or to take out loans or credit cards using the victim’s identity.
More believable
But the news last week that around 6 million taxpayers are in line for refunds of around £400 each has sent the fraudsters into overdrive. They think that, after reading reports of these potential rebates, those who receive fake emails are more likely to believe them genuine, and therefore provide the details they request.
Online criminals often use topical events to make their cons more believable: for example, at the time of the Haiti earthquake last year, thousands of fake requests for charitable donations were sent out.
Keep your details secure
It is rare to deal with a tax office by email. A spokesman said: “HMRC will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email.
“You should never disclose your personal and/or payment information in reply to an email that may look like it's from HMRC, you may well be revealing your details to a fraudulent website.”
If you receive what you believe to be a fraudulent email, the official advice is to forward it to phishing@hmrc.gsi.gov.uk.
Any taxpayer who thinks they have already fallen victim to such a scam and has already disclosed personal information, details should be sent to security.custcon@hmrc.gsi.gov.uk.
Do not include the details again in the email to HMRC, simply describe what they were, for example date of birth or unique taxpayer reference number.
If you receive an email and you are not sure whether it is from the Revenue or not, call your tax office (using a number provided on a genuine document rather than in the email itself) to check.
This advice applies to bank and other sensitive communications as well. You should never try to log into an account using a link in an email, and genuine emails generally will not ask you to do this.
