Sunday 24 January 2010

HMRC Warns of New Phishing Scams

In January 2010 HMRC issued new guidance on current phishing scams now in circulation.

This is something that is very much on the increase, with at least a dozen of our own clients having received one or more of these in the last month or so.

The key scams are listed on the HMRC web site as follows:

You have 1 new ALERT message

An email from "HMRC Online services - test@test.com" is being issued, stating the recipient has 1 new ALERT message, and should log into their Online Account to read the message.

The email contains a link to a fraudulent website that requests the disclosure of personal account information and password.

The email is not from HMRC. If you have received a copy please forward it to them at phishing@hmrc.gsi.gov.uk.

Tax rebate

HM Revenue & Customs (HMRC) would not inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax.

Do not visit the website contained within the email or disclose any personal or payment information.
Email addresses used to distribute the tax rebate emails include:

tax.refunds@hmrc.gov.uk
attached.form@hmrc.attached.gov.uk
service@hmrc.gov.uk
hmrcrefunds@hmrc.gov.uk
refundsdept@ir-efile.gov.uk
noreply@hmrk.co.uk
customers@hmrc.gov.uk
taxcredits@hmrc.co.uk
officer.robinson@hmrc.co.uk
securemail@hmrc.gov.uk

HMRC does not send out emails using these email addresses.

An example of the tax rebate scam:

Example 1 (PDF 22K) (added 21 August 2009)

Example 2(PDF 43K) (added 6 July 2009)

Example 3(PDF 211K) (added 7 January 2009)

Notice of Underreported Income

Emails entitled Notice of Underreported Income are currently being circulated from


The email links to a fake HMRC website entitled 'Fraud Application' and asks that you download and review a tax statement document. The website then opens an executable file on your machine.

The email is not from HMRC. You should be aware that opening executable files (.exe) over the internet can potentially compromise the security on your machine.
HMRC do not issue emails asking for personal details.

Do not visit the website contained within the email or disclose any personal or payment information.

If you receive an email requesting such information, please forward it to
phishing@hmrc.gsi.gov.uk and then delete it.
National Insurance Contributions email

An email is in circulation entitled National Insurance Contributions, stating that a payment has not been made. The email contains a link to a fraudulent website that requests the disclosure of payment/personal details. The email is not from HMRC.

Update from HM Revenue & Customs' email

HMRC has received reports of emails being sent asking recipients to 'update your account to the new EV SSL certification'. This is a scam email attempting to steal User IDs and passwords.

The email is being sent from info@hmrc.gov.uk.


You should never disclose personal information such as User IDs or Passwords.

Approval of funds scam email

An email is being issued displaying the email address postmaster@hmrc.co.uk with the subject 'You are a winner of 168,240.00 GBP'.

The email features an attachment and requests that personal details are recorded on the attachment and forwarded to info@lloydstsbprize.com.

Previous phishing scams

The following are phishing attempts that you need to be aware of. Each of these has been reported to HMRC previously.

Anti-Terrorist Certificate - this is a scam involving postal items supposedly being stopped by Customs that require the purchase of an Anti-Terrorist Certificate before being released. There is no such certificate in existence within HMRC.
Child Benefit and Income Support - unsolicited emails are being issued advising the recipient may be entitled to Child Benefit. A non-departmental email address and mobile numbers are being used as the contact points for this scam. An example of the Child Benefit and Income Support scam (PDF 26K).

Compensation - this scam is aimed at people who supposedly have already been the subject of a fraud attempt. The email requests personal details on the pretext that compensation will be paid. An example of the compensation scam (PDF 32K).
Export Clearance Process (Delivery Stop Order) - a number of frauds state that a parcel containing a cheque in respect of lottery winnings, or a legacy left in a will, has been held up by Customs at an airport or dock and requires payment of a percentage of the winnings. This will be a fraud. An example of the Export Clearance Process (Delivery Stop Order) (PDF 92K).

Fake P86 form - letters are being sent with fake P86 Forms, which ask for personal information from taxpayers employed outside the UK. These forms are fake and should not be completed. Further details can be found at Fraud attempt - Fake P86 Form.

Lottery winnings - emails requesting tax payments are required to release funds won on a foreign lottery. This is fraud. An example of the Stop Order fraud (PDF 92K)

Telephone variations - the individual may be contacted by telephone rather than email. HMRC has seen examples where customers are contacted by someone purporting to be from HMRC, claiming that a rebate of tax was due and requesting for payment details to make the payment into. Please note: HMRC would only notify you of eligibility to a tax rebate in writing, not over the phone or email. If you are asked to give any personal details over the telephone you should always check with HMRC that the caller is a genuine representative of the department.