HMRC Spear Phishing Emails

Phishing emails appearing to be from HM Revenue & Customs (HMRC) are known to increase in volume from January to March, towards the end of the UK financial year. The emails claim to offer tax rebates, enticing users with financial incentives. Companys can be particularly susceptible to this type of scam as their contact information is often readily available.
These emails can have all the hallmarks of an HMRC email but contain hidden links that redirect to malicious websites. Once the links are activated the user’s machine can become infected with malware.

Emails from HMRC will never:

  • Send notification of a tax rebate.
  • Offer a repayment.
  • Request personal information such as your full address, postcode, Unique Taxpayer Reference, or bank account details.
  • Request any responses to a non-HMRC personal email address.
  • Request financial information such as specific figures or tax computations, unless you’ve given HMRC prior consent and formally accepted the risks.
  • Have attachments, unless you’ve given HMRC prior consent and formally accepted the risks.
  • Provide a link to a secure log-in page or a form asking for information – instead HMRC will ask you to log on to your online account to check for information.

Any email received from the HMRC requesting financial information or offering financial incentives should be treated with the utmost caution and checked before opening

Affected Platforms

All Windows Versions

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: