HMRC scams are becoming increasingly believable and here's how to spot them
Updated: Apr 21
HMRC scams have been around for years, using social engineering to trick people into transferring money or giving up personal information. Social engineering is using simple yet effective psychology to prey on weaknesses such as fear, curiosity, willingness to help or trust, and greed.
Although HRMC scams are nothing new, they are becoming more complex and believable. People are starting to wise up to scams, so the scammers need to put more effort into their attempts and they are getting very good at it, whether it be very convincing phone calls using a professional and polite manner to trick you into trusting them and giving up information, using fear of fines or criminal action taken against you or very well constructed emails. They know that many people aren’t particularly familiar with HMRC practices and procedures and are incorporating that aspect into their scams.
The scams vary between offering people tax rebates or targeting business owners and self-assessment taxpayers in particular, increasing their activity in line with HMRC around assessment deadline. This also allows them to use the deadline to create a sense of urgency and press people into falling for their scam using the fear aspect of social engineering. If you have an accountant, always speak to them first.
COVID relief grants are another angle they use, often sent by text messages, whereas the real HMRC will contact people via a letter in the post regarding SEISS grants informing them they will receive a phone call within 10 working days.
Scammers know that people tend to have a certain level of fear for the HRMC, often triggered by their lack of knowledge of HMRC practices. It’s that same lack of knowledge that also allows people to fall for the email, text or phone call scams. HMRC will only contact you by post initially and never contact you out of the blue. Also remember that emails and numbers can be spoofed to look like they came from HMRC so you can never be sure even if the email address looks genuine.
Here’s some advice on how to spot HMRC scams – it’s likely to be a scam if:
There’s a sense of urgency or is time sensitive
A financial incentive is offered such as a refund, grant or tax rebate
The call, email or text is threatening in nature
They are asking you to transfer money
It’s a good idea to read up on how the HMRC really operates and how they will actually contact you; the HMRC website contains useful guidance to how they will communicate with you and the processes for self-assessments and tax rebates. You can find some useful links at the end of this article to help.
What to do if you are unsure or suspect a scam:
Call the HMRC directly to confirm and, if someone has called you, don’t be afraid to hang up.
If it is business related, speak to your accountant first if you have one before taking action, otherwise contact the HRMC directly.
Report any scams or phishing emails to HMRC online or email them – email@example.com.
Below are some links you may find useful, including some examples of known scams and HMRC practices.
If you would like to see more content like this and keep up to date with the latest security breaches, ongoing scams and cybersecurity advice, please sign up to our newsletter.
WV Solutions can offer cybersecurity awareness training to educate your staff on how to identify phishing and social engineering, and best security practices. We also offer phishing testing to keep staff vigilant and improve their ability to spot scams.