HMRC publishes guidance on the subject of phishing and bogus emails. The document called Genuine HM Revenue and Customs contact and recognising phishing emails includes details of emails, letters, text messages, and bogus calls used by scammers and fraudsters to get your personal information.
Phishing emails are emails sent by fraudsters who try and trick recipients into thinking an email is genuine. HMRC is aware of numerous instances of phishing emails being sent from around the world that seek to acquire sensitive information such as passwords, credit card or bank account details using phoney links.
HMRC never sends notifications of a tax rebate by email, or asks recipients to disclose personal or payment information by email. The document includes instructions to help ascertain if an email is fraudulent. This includes looking out for spelling mistakes, poor grammar and generic greetings.
Last year, HMRC implemented new controls based on domain-based message authentication, reporting and conformance (DMARC). The security process works by determining which email servers are allowed to send emails on behalf of the organisation. Using the DMARC controls helps HMRC and email service providers to identify fraudulent emails purporting to be from genuine HMRC domains and prevent their delivery to taxpayers. However, the system is not fool proof and taxpayers must still be wary of any emails that don’t look quite right.