HM Revenue and Customs has reported a 300% rise in fraudulent ‘phishing’ emails over the past year, with over 24,000 scam emails reported to HMRC in August alone.
The emails provide a click-through link to a cloned replica of the HMRC website. The recipient is then asked to provide their credit or debit card details, which enable criminals to not only empty victims’ bank accounts, but also to sell their personal details on to other organised criminal gangs. Around 100 such websites are being shut down with the help of HMRC every month.
The scam email often begins with a sentence such as “we have reviewed your tax return and our calculations of your last year’s accounts a tax refund of XXXX is due.”
But in reality HMRC only ever contact customers who are due a tax refund in writing by post, not by email, telephone calls or through external companies, and the department has stated that legitimate tax rebate forms (P800s) will contain a payment order and will never ask for credit or debit card details.
HMRC has issued the following advice:
- Check the advice published at www.hmrc.gov.uk/security/index.htm to see if the email you have received is listed
- Forward suspicious emails to HMRC at email@example.com and then delete it from your computer/mail account
- Do not click on websites, links contained in suspicious emails or open attachments.
If you have reason to believe that you have been the victim of an email scam, report the matter to your bank/card issuer as soon as possible. If in doubt, you can check with HMRC at http://www.hmrc.gov.uk/security/fraud-attempts.htm