Fraud and scams

If you have received an email that you consider to be fraudulent, please forward it to HMRC at phishing@hmrc.gsi.gov.uk. HMRC cannot reply to every email, but it does investigate and take Online Security very seriously.

To help you spot a scam email HMRC has compiled a list of key points to look out for:

  • Disclosing personal information - HMRC will never ask you to disclose personal information such as your PIN or your passwords, or your bank details. Never disclose this information to anyone.
  • The padlock - when you log in to HMRC Online Services you are always in a 'secure session' - which is shown by the padlock or an unbroken key in the bottom right hand corner of your web browser. The beginning of HMRC's address will change from 'http' to 'https' when a secure connection is made.
  • Your name - fraudulent emails are not normally addressed to you personally; they can have missing addressee details or contain something vague such as 'Dear valued customer'.
  • The sender - HM Revenue & Customs (HMRC) was formed on the 18 April 2005 following the merger of Inland Revenue and HM Customs and Excise departments. Those former departmental names no longer exist. Recent fraud attempts have used fake departmental names, and purporting to be sent from HMRC Board Members.
  • Links within the email - the email may include a link that you are asked to follow to take you to a website. Following the link takes you to a site that may look genuine, but it is most probably a fake. Always access the HMRC website by typing HMRC's address in the address bar of your web browser.

What to do if you receive a scam email

HMRC would never contact you asking you to disclose personal information. If you have received an email requesting personal information, payment of tax or suggests you are due a tax rebate, please take the following action: