HMRC: Don't be fooled by tax rebate scams

Tuesday 11 February 2014

UK limited companies should be be on the lookout for email phishing scams offering tax rebates, according to HM Revenue and Customs (HMRC).

The government body is warning the self-employed to beware of communications asking for bank account or credit card details in return for tax rebates.

Fraudsters have intensified their efforts recently, as the January 31st self assessment tax deadline put levies firmly in the minds of contractors.

In the three months leading up to the end of the month, taxpayers reported 23,247 phishing emails. This is a 47 per cent hike on the same period last year.

Throughout the course of 2013, over 91,000 scams were made known to HMRC, indicating that more and more fraudsters are looking to take advantage of contractors at a time when tax is high on their agenda.

Those that respond to phishing emails run the risk of exposing their bank accounts to attack and having their details sold on to other organised criminal gangs.

HMRC managed to close 178 websites last month that were known to be the source of tax rebate emails, thanks to customers forwarding correspondence to the department. This is up from the 65 sites closed in January 2013.

Indeed, HMRC has been upping its efforts to protect contractors and throughout last year, 1,476 websites were shut down.

Gareth Lloyd, head of digital security at HMRC, said: "HMRC never contacts customers who are due a tax refund via email – we always send a letter through the post.

"If you receive an email claiming to be from HMRC which offers a tax rebate, please send it to and then delete it permanently. We can, and do, close these websites down, and do all we can to ensure taxpayers stay safe online by working with law enforcement agencies around the world to target the criminals behind these scams."

Individuals who receive a phishing email are being advised by HMRC to check guidance at Here examples of fake emails can be found, enabling customers to determine the nature of the correspondence they have received.

Suspicious emails can then be forwarded to HMRC and deleted from the computer and email account.

People should remember to avoid clicking on websites, links or attachments that are present in an email from an unknown source.

If a contractor has responded to a phishing email, it should be forwarded to immediately, including the details disclosed.

HMRC certainly has the power to tackle fraudulent activity and has shut down malicious websites around the world, including the US and Russia.

However, limited companies should be sure to have a comprehensive cyber security strategy in place, including policies to address opening unknown emails.

According to KPMG, increasing the standard of online safety is integral for any company to advance in the digital age.

This was made clear by the government's move to demand organisations meet rigorous cyber security kitemarks if they want to take on public work.

Head of cyber security at KPMG Malcolm Marshall said: "The government isn’t afraid to be at the forefront of mandating cyber security standards in procurement."  

By Victoria McDonnell

Get in touch

Please select your type of enquiry:

Brookson on Twitter