Scammers regularly send fake emails that look like they are from HMRC, or from banks and other organisations like eBay, PayPal, Facebook and even Royal Mail. They aim to trick you into revealing personal information which they’ll use for fraud and identity theft. It’s known as phishing.

Don’t take the bait

Tax rebate

The Self-Assessment deadline is looming so this particular dodgy email is common around this time of year. It says you’ve got a refund of £x due to you, and offers a link to “get your rebate now”.

The link takes you to a site that looks convincing to a casual observer – but it’s not the real deal.

Often these messages end up in your Spam folder and you never see them. If they do get to your Inbox, remember HMRC’s golden rule:

HMRC will never send notifications of a tax rebate, or ask you to disclose personal or payment information by email.
If you have any doubt that an email you receive from HMRC is genuine, please do not follow any links, disclose any personal details or respond to it. Please forward it to HMRC at phishing@hmrc.gsi.gov.uk then delete it.

How to spot a phishing email

A 2013 poll found that 60% of UK workers will fall for a phishing scam unless they’ve been trained to spot one.

• are you expecting the message?
• is it from an expected source? E.g. if you don’t bank with Barclays, why would they email you about your account?
• does it ask for passwords or other complete information?
• hover your mouse pointer over the links – don’t click them! – to check the website that pops up
• how good is the spelling and grammar? Bad English is a dead giveaway!

Beyond email

It’s not just email – scammers are also using fake text (SMS) messages to reel in unsuspecting victims.

Learn more

Get Safe Online: phishing video

Gov.uk: recognising and reporting phishing emails

Financial Fraud Action: invoice fraud

You might be streetwise, but are you cyber-streetwise?