Question, I have received an email from HMRC saying that I am due a tax refund – I am concerned this might not be genuine – do you have any guidance as to what to look out for with regards to spam / phishing etc. so I know what communications from HMRC are genuine?




Answer, August 2017

Scam e-mails and electronic communication designed to fool the recipient into disclosing personal information are becoming an increasingly common strategy of fraudsters – this is often referred to as ‘phishing’.

Phishing is a way scammers try to steal your identity and gain access to user names and passwords, often with the aim of stealing money.

These communications can sometimes look quite realistic, so they can trick you into thinking they are from HMRC when they are not.

HMRC’s guidance on this is that they will never use emails or texts to do either of these:

  • tell you about a tax rebate or penalty
  • ask for personal or payment information

So if you have received an email saying you are due a tax refund, this is a scam.

HMRC have actually compiled a list of example bogus communications which you can find here.

If you think you have received an HMRC-related phishing/scam email or text message you should follow this advice:

  • Do not open any attachments in the email or click on any links
  • Never give out sensitive information such as user names, bank details and passwords
  • Report it to HMRC


We have also included below some general spam email safety advice from Citizens Advice:

How can I spot a spam email?

You can often tell a spam email because:

  • the sender’s email or web address is different to the genuine organisation’s addresses
  • the email is sent from a completely different address or a free web mail address
  • the email does not use your proper name, but uses a non-specific greeting such as ‘dear customer’
  • the email threatens that unless you act immediately your account may be closed
  • you’re asked for personal information, such as your username, password or bank details
  • the email contains spelling and grammatical errors
  • you weren’t expecting to get an email from the company that appears to have sent it
  • the entire text of the email is contained within an image rather than text format
  • the image contains a link to a bogus website
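
For anyone triaging a reported message on behalf of others, the machine-checkable items in the checklist above can be run over a saved email. This is an added example, not part of the original answer or of HMRC or Citizens Advice guidance; the regex patterns, the webmail list, the sample message and the `hmrc.gov.uk` value passed as the expected domain are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}  # illustrative subset
# (finding, pattern) pairs following the checklist wording; the patterns are assumptions.
TEXT_RULES = [
    ("generic greeting", r"\bdear (customer|taxpayer|user)\b"),
    ("threat unless you act immediately", r"\b(immediately|within \d+ hours)\b.*\b(closed|suspended)\b"),
    ("asks for personal or payment information", r"\b(username|user name|password|bank details)\b"),
    ("mentions a tax rebate or penalty", r"\btax (refund|rebate)\b|\bpenalty\b"),
]

def body_parts(msg):
    """Return (plain_text, html) gathered from every text part of the message."""
    plain = html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            plain += part.get_content()
        elif part.get_content_type() == "text/html":
            html += part.get_content()
    return plain, html

def phishing_indicators(raw, expected_domain):
    """List the checklist items that a raw email (headers plus body) matches."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREE_WEBMAIL:
        findings.append("sent from a free web mail address")
    elif domain != expected_domain and not domain.endswith("." + expected_domain):
        findings.append("sender address differs from the genuine organisation's")
    plain, html = body_parts(msg)
    visible = re.sub(r"<[^>]+>", " ", html)  # crude tag strip, enough to count words
    if "<img" in html.lower() and len((plain + visible).split()) < 5:
        findings.append("text of the email is contained within an image")
    # Collapse whitespace so a pattern can match across line breaks.
    text = " ".join((msg.get("Subject", "") + " " + plain + " " + visible).lower().split())
    return findings + [name for name, pat in TEXT_RULES if re.search(pat, text)]

# Constructed sample message, not a real HMRC or scam email.
SAMPLE = ("From: HMRC Refunds <refunds@hmrc-rebates.example>\n"
          "Subject: You are due a tax refund\n\n"
          "Dear customer, enter your bank details immediately or your account will be closed.\n")

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE, "hmrc.gov.uk"):
        print("-", finding)
```

The From header can be forged, so an empty result does not show that a message is genuine; the script only flags the warning signs listed above.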