United Kingdom: HMRC Warns About Renewed Tax Rebate Phishing
Fraudulent attempts to obtain personal details of U.K. taxpayers have been the subject of several reports in our Flash International Executive Alert newsletters. HM Revenue & Customs (HMRC) in the U.K., this week, has issued a further warning to taxpayers not to respond to e-mail scams which have been sent following the recent U.K. tax return filing deadline.
In its most recent press release, HMRC states1 “The e-mails promise a tax refund in exchange for personal, credit card, or banking details. However, people who respond risk opening their account to fraud and having details sold on to organised criminal gangs. E-mails often link to a clone of HMRC’s genuine website to trick unsuspecting taxpayers into handing over their details, but HMRC never sends e-mails about a genuine tax rebate.”
HMRC has been instrumental in closing down more than 500 fraudulent sites in 2012 with e-mails originating from countries worldwide including the United States of America, Russia, and Japan, as well as from central and eastern Europe.2
HMRC furthermore states “If anyone receives an e-mail offering a tax rebate and claiming to be from HMRC, please send it to phishing@hmrc.gsi.gov.uk before deleting it permanently. HMRC does everything it can to ensure customers are safe online and we are working closely with other law enforcement agencies to target the criminals behind this serious crime. The scam e-mail often begins with a sentence such as ‘we have reviewed your tax return according to our calculations of your last year’s accounts a tax refund of XXXX is due.’ Legitimate tax rebate forms (P800s) from HMRC will contain a payment order and will never ask for credit or debit card details. Typical details requested in these e-mails include – name, address, date of birth, bank account number, sort code, credit card details, national insurance number, passwords and mother’s maiden name.”3
In order to assist taxpayers with their online safety, HMRC strongly advises people to take the following actions if any e-mails purporting to be from HMRC are received:
• Check the advice published on HMRC’s Web site (www.hmrc.gov.uk) where people can see if the e-mail received is listed;
• Forward suspicious e-mails to HMRC at phishing@hmrc.gsi.gov.uk and then delete it from your computer/mail account;
• Do not click on Web sites or links contained in suspicious e-mails or open attachments;
• Follow advice from the Get Safe Online Web site (www.getsafeonline.co.uk );
• Anyone who has answered one of these e-mails should forward the e-mail and disclose details to security.custcon@hmrc.gsi.gov.uk;
• If anyone has reason to believe that he or she has been the victim of an e-mail scam, the matter should be reported to your bank/card issuer as soon as possible.
If in doubt, please check with HMRC at: www.hmrc.gov.uk/security/fraud-attempts.htm .
KPMG Note
If taxpayers receive suspicious e-mails asking for bank account, brokerage account, and/or credit card details, and/or other personally identifiable information, they should not respond to such e-mails or click on any links featured therein; rather, prior to deleting the e-mail from their Inbox, they should send it directly to HMRC at <phishing@hmrc.gsi.gov.uk> and, if in doubt, contact their tax advisers for advice.
Footnotes:
2 Ibid.
3 Ibid.
Source: KPMG