For years, scammers have tried to steal sensitive personal and financial information by falsely claiming that recipients of their emails are eligible for an unexpected tax refund.
To achieve their nefarious goals, the crooks distribute vast numbers of emails that look like they were sent by official tax agencies such as the IRS, ATO, or HMRC.
UK citizens continue to be popular targets of these scammers, with many of the fraudulent emails claiming to be from UK tax agency HMRC.
The emails claim that you can receive a tax refund for a specified amount by clicking a link and filling in a refund claim form. Here’s a screenshot of a typical scam email:
Clicking the link takes you to a fraudulent website that looks like it belongs to HMRC. It may include the HMRC logo and other elements to make it appear genuine. A form on the bogus website asks you to supply your name and contact details, your credit card numbers, and other personal information.
After you submit the form, you may see a final fake message claiming that your refund will be put into your nominated account within a week or so. Your browser may then automatically redirect to the real HMRC website.
But, now, criminals can collect the information you supplied and use it to commit fraudulent credit card transactions and steal your identity.
And, of course, you will never receive the promised tax refund, which never existed to begin with.
HMRC has information about recognising and reporting phishing scams on its website.
Scammers sometimes send their fake refund messages via SMS rather than email. Again, the messages try to trick you into visiting a fraudulent website and disclosing your personal information.
There are also phone-based versions of the scam in which criminals cold-call people and promise a refund. As with other versions, the purpose of the scam is to steal the victim’s personal and financial details.
Citizens of Many Countries Targetted
Criminals use almost identical tactics to target people in many different countries. They send out fake tax refund messages claiming to be from government tax agencies in the US, Australia, Canada, South Africa, New Zealand, India, and several other nations. As with the HMRC version discussed above, the messages are designed to trick people into giving their personal information to criminals.
Stay Vigilant to Avoid Becoming a Victim
Some of these tax scam messages look quite professional and at first glance, it may appear that they really were sent by your country’s tax agency. If you are busy or distracted or if you are actually expecting a refund, it might be easy to take one of the scam message as genuine and supply the requested information.
Keep in mind that a tax agency is very unlikely to send out a generic and unsolicited email that demands that you click a link to supply sensitive information. A genuine message would always include your full name and any request for information would be conducted via a secure online account with the agency.
If you receive one of these scam messages, do not click any links or open any attachments that it contains. You may be able to report the scam attempt via reporting details listed on your tax agency’s official website. Otherwise, just hit “delete”.
You can also help thwart these scammers by ensuring that potentially vulnerable friends and family members are aware of how such scams work.
A transcript of the above HMRC scam email:
Subject: UK’Online Submission of Self Assessment | Tax Rebate on 2/3/2020 10:01:20 a.m. | ‘Claim it online’ |Item Number:540884162266 #
You have received this email to be notified that HMRC has recalculate your last fiscal activity and has determined that you are eligible to receive a tax refund of 570.60 GBP.
If you want to claim your annual tax refund online, you have to complete a required form with your personal information
Note: If you don`t complete the refund form you will not be able to claim your tax refund online.
Issuing date [ 3 February 2020 ]
Expiration date [ 5 February 2020 ]
Receiver [ …. ]
Refundable Ammount [ 570.60 GBP ]
Payment Option [ Electronically by card ]
This is an automated email sent to [….. ] , please do not reply to this email as this mailbox is not monitored.
If you already submitted the refund form, please disregard this automated email.