We have been made aware that there is a scam email in circulation purporting to be from HMRC and asking the recipient to ‘verify their VAT submission and make any necessary corrections’.
Unfortunately, this is one of several similar fraudulent emails whereby the sender spoofs a genuine email address or changes the ‘display name’ to make it appear genuine. The emails often use alarmist tactics to try to encourage the recipient to click on a link and disclose personal or payment information.
While these emails may initially seem legitimate, here are some key indicators that suggest they are fraudulent:
- Inconsistent email addresses – Checking the sender’s address often reveals that the email does not originate from a legitimate gov.uk domain
- Misleading hyperlinks – The links provided do not direct users to an official gov.uk website. Always hover over links to verify their destination before clicking
- Requests for sensitive information – HMRC and other government bodies will never ask for passwords, bank details, or other personal data via email
- Unexpected attachments or links – Be cautious of any email urging you to open an attachment or click a link
- Lack of official branding – Genuine HMRC emails always include the official logo and a footer outlining confidentiality, scam warnings, and phishing advice
- Spelling and grammar errors – Poorly written emails with noticeable mistakes are a sign that the message is not from a legitimate source
HMRC remind taxpayers to be vigilant to communication purporting to be for them, emphasising that customers should never give out private information (such as bank details or passwords), reply to text messages, download attachments or click on any links in emails if they are uncertain as to their authenticity.
Scam emails can be reported to HMRC by forwarding the email to phishing@hmrc.gov.uk.