Only 30% of small businesses surveyed would think twice about clicking on a link directing them to HMRC
You should think twice.
Scammers regularly send fake emails that look like they are from HMRC, or from banks and other organisations like eBay, PayPal, Facebook and even Royal Mail. They aim to trick you into revealing personal information which they’ll use for fraud and identity theft. It’s known as phishing.
Tax rebate
The Self-Assessment deadline is looming so this particular dodgy email is common around this time of year. It says you’ve got a refund of £x due to you, and offers a link to “get your rebate now”.
The link takes you to a site that looks convincing to a casual observer – but it’s not the real deal.
Often these messages end up in your Spam folder and you never see them. If they do get to your Inbox, remember HMRC’s golden rule:
HMRC will never send notifications of a tax rebate, or ask you to disclose personal or payment information by email.
If you have any doubt that an email you receive from HMRC is genuine, please do not follow any links, disclose any personal details or respond to it. Please forward it to HMRC at phishing@hmrc.gsi.gov.uk then delete it.
How to spot a phishing email
A 2013 poll found that 60% of UK workers will fall for a phishing scam unless they’ve been trained to spot one.
- are you expecting the message?
- is it from an expected source? E.g. if you don’t bank with Barclays, why would they email you about your account?
- does it ask for passwords or other complete information?
- hover your mouse pointer over the links – don’t click them! – to check the website that pops up
- how good is the spelling and grammar? Bad English is a dead giveaway!
Imagine the email is someone standing at your front door asking the same questions.
Would you give them this information?
If the answer is ‘no’ then it’s probably a scam.
If you wouldn’t do it on the street, don’t do it online!
Beyond email
It’s not just email – scammers are also using fake text (SMS) messages to reel in unsuspecting victims.
Learn more
Get Safe Online: phishing video
Gov.uk: recognising and reporting phishing emails
Financial Fraud Action: invoice fraud
You might be streetwise, but are you cyber-streetwise?