The coronavirus pandemic has instigated a substantial rise in the number of reported fraud scams, with criminals impersonating trusted organisations such as HMRC through unsolicited emails, phone calls and text messages.

Prevalent scams include phishing emails that appear to come from government departments, offering grants, tax rebates, compensation or access to Covid-19 relief funds. The emails encourage you to click on suspicious links or open attachments in order to allow the fraudsters access to sensitive personal information, including your password, logins and bank details.

HMRC stress that they do not send out emails, text messages or make phone calls to inform you about a tax rebate or penalty or to ask for personal or payment information.

HMRC have issued some helpful guidance on how to identify fraudulent emails

1. An incorrect ‘from’ address. Be aware of email addresses that are similar to, but not the same as HMRC’s – for example, If you are not completely sure the message is legitimate, do not open the email.

2. HMRC will never contact you to:
– Notify you of a tax rebate;
– Offer you a repayment;
– Ask you to disclose personal information, including your full address, Unique Taxpayer Reference or details of your bank account; and
– Ask for financial information such as specific figures (unless you have given prior consent and formally accepted the risks).

3. Check out the reply address, HMRC will never give a non HMRC personal email address to send a response to.

4. Look out for any kind of attachment, HMRC do not send these (unless you have given prior consent and formally accepted the risks).

5. Fraudulent emails often request immediate action, with demands such as ‘you only have three days to reply’.

6. Be wary of bogus websites – many phishing emails lead to a website page that looks like the homepage of HMRC. These pages often contain links to banks or building societies and have fields requesting personal information such as passwords, credit card details or bank account details.

7. Fraudulent emails can sometimes contain links to genuine HMRC website pages in them, to make their emails appear legitimate.

8. Scam emails will rarely include your name, even though they may have your email address or phone number; whereas emails from HMRC will include:
– The preferred name you have supplied them with; and
– Information on how to report phishing emails to HMRC.

Further examples of HMRC related phishing emails can be found here.

How to report a phishing email

If you receive any suspicious communication alleging to be from HMRC, this can be reported by emailing

Suspicious phonecalls should also be reported, and additional information including your phone number, caller’s phone number, time and date of the call and brief description of the call provided.

If you are worried you have inadvertently disclosed personal information, this can be reported to HMRC’s security team at

Should you have any queries on the above or require any help or support, then please either get in touch with your usual M+A Partners contact or email and we will be happy to help.

Written by

Our Team