Electronic communication and transactions are a key part of HM Revenue & Customs (HMRC) business. However, the advantages that online transactions provide can also give rise to the risk of fraud - individuals claiming to be someone they are not, and obtaining information they are not entitled to.
HMRC, in common with all providers of online services, is committed to your security - but you need to be alert.
HMRC continuously monitors systems and customer records to guard against fraudulent activity. The methods fraudsters use to obtain the information they want is constantly changing, so HMRC provides regular updates on the type of scams it is aware of. The main risk involves stealing identities or online access details.
Please do everything you can to ensure that the identifiers and passwords you use when accessing HMRC systems are kept secure and updated regularly. You should not divulge your online User ID and password to anyone. Any suspicious activity should be reported to HMRC immediately. Contact the Online Services Helpdesk
Keep your login details secure. Do not write them down or tell anyone what they are, including HMRC staff or your accountant or tax adviser.
Use strong passwords. Remember to make them unique so they cannot be easily guessed by someone else. They should always contain a mix of letters and numbers. Try to avoid using common phrases or anything obvious like your name or date of birth. Change your password regularly; we suggest that you do this at least once every three months.
Be suspicious of unsolicited emails, even if they look like they're from a trusted source.
HMRC will never send notifications of a tax rebate, or ask you to disclose personal or payment information by email. If you have any doubt that an email you receive from HMRC is genuine, please do not follow any links, disclose any personal details or respond to it. Please forward it to HMRC at firstname.lastname@example.org then delete it.
HMRC is unable to investigate paper copies of phishing emails/websites. In order for us to take any action, you will need to forward the original phishing email email@example.com
Make sure your computer has anti-virus and anti-spyware software, and that it is continually updated allowing it to check the contents of the files on your computer against the information it holds about known viruses.
Make sure any computer which connects to the internet has appropriate firewall protection to block any unauthorised connections being made. If you're using a wireless network, ensure it is secure.
Use the most up to date version of your preferred web browser, this could reduce your chance of falling victim to online phishing scams, by displaying messages to alert you.
Make sure you download and install updates regularly.
If you are using mobile devices to communicate with HMRC make sure that you use anti-virus software relevant to that device. Security for mobile devices is just as important as for your home computer.
Please be careful about the detail you provide when social networking. Never disclose personal information.
Never enter sensitive information such as account details, PINs or passwords via a website link within an email.
Ensure websites are secure - look for the prefix 'https' and a locked padlock or unbroken key symbol. Check the authenticity of a secure website by double clicking on the symbol.
Contact the website owner on a known or independently verified phone number. HMRC provide regular updates on scams they are aware of (see the link below).
Please do everything you can to ensure that the identifiers and passwords you use when accessing HMRC systems are kept secure and updated regularly.
Beware of attachments and emails - even if they appear innocent, they could contain a virus designed to steal your personal information.
Type the full address of secure websites into your browser, rather than searching for it - this helps avoid being misdirected to a bogus site.
Some websites offer services which HMRC will provide free of charge. These include premium rate connection charges to HMRC Helplines. Please use the 'Contact us' link if you need to speak to HMRC. This link can also be found at the top of all HMRC web pages.