HMRC Scam Emails - Feb 2020
There are a series of malicious emails targetting academia stating that users are due a refund from Her Majesty's Revenue and Customs (HMRC).
A series of malicious emails are currently being sent to universities, stating that users are due a refeund from Her Majesty's Revenue and Customs (HMRC). The scales of the attacks has been large, taking place over several weeks and utilising over 200 email addresses to send them.
An example of the format of these emails is as follows:
HMRC Tax Refund Identification Numbers - GOV.UK - University of Edinburgh 02285
From: Annual service refund gov <[REDACTED]@hotmail.com> Date: Wed, 12 Feb 2020 at 06:48
To: [REDACTED] -
University of Edinburgh -Government-Gateway-Portal-Transaction-Confirmation : 787982TAX - (Please retain for your records)
-[EMAIL], -Refund Amount GBP 550.11 -Your Refund Reference Number is: Ref/7470505-GB -Government - Gateway Portal - [malicious link] -
Note : If you will not complete the required form you will not be able to claim your refund online. -
Transaction Details: - Receipt Date: 2/12/2020 12:47:57 p.m. - Refund amount : GBP 550.11 -
- Receiver Email: [EMAIL] - - Payment Method: Online Credit/Debit Card to your account -
-You have a new message from HMRC about your tax refund.
-Government Gateway Portal.
-University of Edinburgh -
-Please note: This means we send you an email to let you know you have a new message in your account.
How do I know it is a scam?
HMRC state in their own guidance that:
"You’ll never get an email, text message or phone call from HM Revenue and Customs (HMRC) which:
- tells you about a tax rebate or penalty
- asks for your personal or payment information"
Furtherexamples and guidance on malicious HMRC communications can be found at:
What to do if you receive a malicious email
If you receive one of these emails, you can always check with HMRC if it is legitimate by contacting: email@example.com
Malicious email should be reported to the IS Helpline by sending the email as an attachment to firstname.lastname@example.org.
We request the email as an attachment in order to preserve the headers and allow us to better track them and take appropriate action.