The change in tax year is a favourite time for fraudsters to try ‘social engineering’ attacks by:
- sending scam emails (known as phishing)
- sending scam texts (sometimes called smishing)
- making bogus phone calls (also referred to as vishing)
For example, they may send messages pretending to be from Her Majesty’s Revenue and Customs (HMRC) saying you've received a tax rebate and asking for your account details. Often they’ll follow up a fake email or text with a phone call.
Here are some tips to help you watch out for scams that try to trick you into handing over your personal information.
How to spot a scam
It's a good idea to be suspicious of unsolicited emails, texts or phone calls, even if they appear to come from a legitimate source. Some tell-tale signs to look out for in phishing emails include:
- poor spelling and grammar
- claiming to offer a tax refund from HMRC
- urging you to reply or click through to a website, which turns out to be fake
- asking for confidential information, such as online banking details, passwords or PINs
- offers of money or rewards, like lottery prizes
- warning your account may be shut down unless you take some type of action
A good way of spotting a fake message is to hover over the sender's email address to see where it's really come from or hover over the links to see where they're sending you to. HMRC has issued its own advice on how to spot fraudulent emails.
With bogus phone calls, the fraudster may pretend to be from HMRC and warn you that police will come to arrest you unless a tax bill is paid immediately.
The caller can be very aggressive.
What to do about suspicious emails, texts and phone calls
If you get a suspicious email you think may be a scam:
- don’t reply
- don’t click on a link
- don't open any attachments.
Scams can also be carried out by text messages that appear to have been sent by reputable organisations such as HMRC. Fraudsters use 'text spoofing' to make the sender name on a message seem like it’s from a genuine source or ‘phone number spoofing’ to make calls look like they’re coming from a genuine call centre.
You may want to contact the organisation to check whether an email or text claiming to be from them is authentic. Make sure you do so using a phone number you know is genuine.
If you think you’re being targeted by a bogus phone call, don’t be afraid to hang up. If you have call barring, you could block the incoming number for future calls - but only if it’s not been spoofed or withheld.
If you've been contacted by a suspicious caller, you can read more about our latest scam warnings and how you can protect yourself online.
To find out more about phishing and other scams, download our guide to protecting yourself against financial fraud (PDF, 333KB).
You can also check out the government-backed campaign Take Five to learn more about how to guard against financial fraud.