Recognising and reporting phishing/bogus emails

What is a phishing email?

Phishing is the fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords, credit card or bank account details. These emails often include a link to a bogus website encouraging you to enter your personal details.

The guidance below may help you to recognise a phishing email.

Remember:

  • HM Revenue & Customs (HMRC) will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email.
  • To be completely safe from phishers, do not select links in emails. If in doubt, close your browser, reopen it, and type the web address for the site you want to visit directly into the address bar.

How to report HMRC related phishing/bogus emails

If you have received an HMRC-related phishing/bogus email, please forward it to phishing@hmrc.gsi.gov.uk and then delete it.

Hints and tips below may help you recognise a phishing/bogus email

Incorrect 'From' address

Look out for a sender's email address that is similar to, but not the same as, HMRC's email addresses. Fraudsters often have email accounts with HMRC or revenue names in them (such as 'refunds@hmrc.org.uk'). These email addresses are used to mislead you.

However, be aware that fraudsters can falsify (spoof) the 'From' address to look like a legitimate HMRC address (for example '@hmrc.gov.uk').

Phishing examples

Personal information

HMRC will never ask you to provide confidential or personal information such as passwords, credit card or bank account details by email.

Urgent action required

Fraudsters want you to act immediately. Be wary of emails containing phrases like 'you only have three days to reply' or 'urgent action required'.

Bogus websites

Fraudsters often include links to webpages that look like the homepage of the HMRC website. This is to trick you into disclosing personal/confidential information. Just because a page looks genuine does not mean it is. Bogus webpages often contain links to banks/building societies, or display fields and boxes requesting your personal information such as passwords, credit card or bank account details.

You should be aware that fraudsters sometimes include genuine links to HMRC web pages in their emails to try to make the emails appear genuine.

Common greeting

Fraudsters often send high volumes of phishing emails in one go, so even though they may have your email address, they seldom have your name. Be cautious of emails sent with a generic greeting such as 'Dear Customer'.
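The 'From' address, urgency and greeting checks described above can be applied to a raw message by a mail administrator. The following is an added example, not HMRC's own tooling; the allow-list of genuine domains, the function names, the sample messages and the assumption that the Authentication-Results header was written by your own receiving mail server are all illustrative.

```python
import email
from email.utils import parseaddr

# Domains shown on this page as HMRC's; using them as a complete allow-list is an assumption.
GENUINE = ("hmrc.gov.uk", "hmrc.gsi.gov.uk")
BRAND_WORDS = ("hmrc", "revenue")  # names the page says fraudsters put in their addresses
URGENCY = ("urgent action required", "you only have three days to reply")
GENERIC_GREETING = "dear customer"

def from_domain_verdict(msg):
    """Classify the From domain: 'lookalike', 'unauthenticated', 'authenticated' or 'unrelated'."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(domain == g or domain.endswith("." + g) for g in GENUINE):
        # A matching From can still be spoofed, so look for the receiving server's DMARC pass.
        # Assumption: Authentication-Results was added by your own mail server, not the sender.
        auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
        return "authenticated" if "dmarc=pass" in auth else "unauthenticated"
    if any(w in domain for w in BRAND_WORDS):
        return "lookalike"  # similar to, but not the same as, a genuine domain
    return "unrelated"

def triage(raw):
    """Return the warning signs from this page that appear in one raw message."""
    msg = email.message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    signs = []
    verdict = from_domain_verdict(msg)
    if verdict == "lookalike":
        signs.append("lookalike-from")
    elif verdict == "unauthenticated":
        signs.append("possibly-spoofed-from")
    if any(p in text for p in URGENCY):
        signs.append("urgency")
    if GENERIC_GREETING in text:
        signs.append("generic-greeting")
    return signs

# Constructed sample messages (not real mail).
LOOKALIKE = ("From: HMRC Refunds <refunds@hmrc.org.uk>\nSubject: Tax rebate\n\n"
             "Dear Customer,\nUrgent action required to claim your rebate.\n")
SPOOFED = ("From: HMRC <noreply@hmrc.gov.uk>\n"
           "Authentication-Results: mx.example.net; spf=fail; dmarc=fail\n"
           "Subject: Notice\n\nYou only have three days to reply.\n")

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED)):
        print(name, triage(raw))
```

An empty result means none of these signs were found, not that the message is genuine.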

Look out for

Spelling mistakes and poor grammar.

Attachments

Be cautious of attachments as these could contain viruses designed to steal your personal information.

If you are suspicious of the email you have received, please forward it to the following email address and then delete it.

phishing@hmrc.gsi.gov.uk

What you should do if you have disclosed personal details

You should never disclose your personal and/or payment information in reply to an email that may look like it's from HMRC; you may well be revealing your details to a fraudulent website.

However, if you have already given any of your personal information, for example your HMRC User ID, password or National Insurance number, in reply to a suspect email, please forward brief details to the email address below.

security.custcon@hmrc.gsi.gov.uk

Please do not disclose any of your personal details or information in the email report to HMRC. However, it would help us to investigate if you would tell us the type(s) of information that you disclosed to the suspect website. For example: 'I gave my name, address, date of birth, bank card details, HMRC User ID' etc.

We will act upon all HMRC-related phishing emails, removing reported fraudulent websites.
