back to article UK taxpayers hit by wave of tax refund scam mail

HMRC has warned taxpayers to be on their guard against a new slew of phishing attacks touting fake tax rebates. The UK's tax men said that 83,000 scam emails were brought to its attention last month, while 10,000 reports of the attempted fraud were reported on just one day this month. The scamsters tempt their marks by saying …

COMMENTS

This topic is closed for new posts.
  1. dave 93
    FAIL

    I got one of these mails over a year ago

    and struggled to find a way to bring it to HMRC attention as they don't have a very accessible contact page (maybe that isn't so surprising ;-) but I did mail it somehwhere@hmrc.gov.uk. Took them six months to reply though! (again, not so surprising!)

  2. Optymystic
    Thumb Up

    Only 80 000?

    It feels as if I must have received most of those. Its a bit of a give away when you receive the same email several hundred times

  3. Tom 7

    Kinda obvious

    Had a few dozen of these - the fact that I'd overpaid in dollars was a bit of a give-away, if the fact that half a dozen arrived simultaneously wasn't enough to get the alarm bells ringing .

    One of the worst I've seen!

  4. Mark 140

    Bad attempt

    I've had one of these myself.

    The spelling is poor, the grammar is poor and the forms on the email don't go to a legit-sounding website. They're not very convincing.

    The sad thing is that people will fall for it.

  5. Anonymous Coward
    WTF?

    Tax **REFUND***

    Who the hell would fall for the idea of a tax REFUND???

    Far more convincing if the letter said something like "HMRC has changed the rules yet again. As a result, you owe us more tax. Please send a cheque to..."

  6. Anonymous Coward
    Boffin

    In the US, there's a similar thing going

    Only here the spam claims to be from the FBI.

  7. Anonymous Coward
    Unhappy

    Basterds...

    I get one or two of these a day...

  8. Chimpofdoom!
    FAIL

    Actually...

    I got one of these e-mails telling me I was due a Tax ReFOUND..

    They just don't put the effort in like they used to....

  9. Anonymous Coward
    FAIL

    Sill maintain

    If someone is stupid enough to believe this is legit and their banks/other financial institutions would request their details by email then they deserve to be have their cards/accounts emptied.

    Its not like this is a new thing ffs.

    if they cant be taught then they deserve everything they get

  10. Maverick
    Coat

    @ AC Friday 11:17 GMT

    well according to our 'rulers' it is against natural justice to implement RETROSPECTIVE changes in the rules - so you must be mistaken my friend

    . . . oh wait, sorry I forgot, well silly me . . . one set of rules, standards of decency and honesty for MPs, and different ones for the rest of the population - along with hefty fines of course grrrrrr

    <yes, the one with the copy of Hansard in the pocket please>

  11. Evil Genius
    Grenade

    How many actually work?

    Law of averages means they must get enough returns to make it worth their time and effort.

    Perhaps we should introduce a one-strike law. Fall for a phishing scam and you lose all your internet connections as you are clearly too dumb or ignorant to be trusted with such a thing.

    Either that or turn yourself in to a designated location for an educational course with a baseball bat and a rusty nail.

  12. Neil Spellings

    @Dave93

    I found the contact email address with ONE click. On the very front page of the www.hmrc.gov.uk site:

    Online security

    Online protection advice, including reporting phishing scams

    Click through and you will see:

    If you have received an email from HMRC that you consider to be fraudulent, please forward it to phishing@hmrc.gsi.gov.uk. HMRC cannot reply to every email, but action is taken on each report received.

    Simples...as our Meercat friend would say!

  13. adam payne
    Stop

    Seen it many times before

    We've been getting loads of them as well as mails from the IRS, the Bank of America, HSBC, Barclays, DHL and so on. Good old mail filtering server is blocking every one of them.

  14. Chloe Cresswell Silver badge

    New version..

    I've had a set arrive on my servers claiming to be talking about a tax underpayment and that you need to pay them more.. Much more "believable"

  15. Richard 118
    FAIL

    Phishers

    I didn't fall for the first one (a quick glance at the link it was trying to send me too was a bit of a giveaway),

    but sending my another 50 in the space of 2 hours... maybe HMRC actually do want to give me money :P

  16. adnim
    Joke

    I got one too

    but when I visited the web site, downloaded my "tax statement.exe" and ran it nothing happened.

    Is this a scam then?

  17. Anonymous Coward
    Anonymous Coward

    email marketing

    is not considered Spam, particularly in the US where it is encouraged as a means to get new clients.

    Until that changes and ALL unsolicited mail is treated as SPAM and suitable laws for both spammers and their ISPs brought in and policed, then this kind of thing will continue.

    When 90% of email is spam (as it is on my mail server - serving only 5 people) then something is wrong. Also if HMRC can only warm people then again something is really wrong. We all suffer so some marketing people can still flog HTML email marketing.

  18. Bernie 2

    Phishing

    I don't know how anyone falls for phishing these days, as you're likely to get phishing emails for 10 different banks you don't use before they send you one that applies to your bank. Even the most idiotic user will be wise to it by then, surely?

    Same goes for the tax return ones;

    "On Monday the IRS wanted my details, now HMRC do as well. That's not suspicious at all even though the emails are otherwise identical. Better respond to it now.

    // There is a pigeon in your bank account, sir. We need your bank account number and sort code so that we can get access to the vault and remove it.

  19. Maty

    Except ...

    A certain airline sent us an email asking for personal details (which they already have) in an email complete with a 'click this link to enter details'.

    I couldn't believe it wasn't a phishing attempt until I did an IP lookup against the domain registrant and checked in phishpool and a few other sites.

    While legit companies still send emails like this, it will be easy for crooks to spoof them.

  20. Nick Kew
    Big Brother

    The real HMRC

    FWIW, I had a couple of those, directing me to hmrc.co.uk[1]. I thought that looks interesting, shouldn't the real HMRC have that one? Turns out it *is* the real HMRC, according to whois. Furthermore, they've included a full postal address for my nearest HMRC office!

    You actually have to decode (or click) the base64-encoded attachment to get a real dodgy URL[2]!

    [1] and no doubt another few thousand knocking at the spam filter.

    [2] albeit on the rather dubious premise that the real HMRC is non-dodgy.

  21. dreamingspire
    Stop

    Notice of underreported income

    Surprised that only one Comment has mentioned the "Notice of underreported income" emails - I have had a slew of those this week. They came dribbling in, using just a small number of destination mailbox names (some valid, others invented but frequently seen in incoming emails).

  22. Tezfair
    FAIL

    123reg

    if you track the domain down they are all registered via 123reg, yet when you try and alert then at abuse@123reg.co.uk they bounce it back as flagged spam.

    maybe they need to change the way they register domains to reduce spam

  23. Anonymous Coward
    Paris Hilton

    I cannot believe......

    ...that some people are still so naive about these scams and quite happily release their personal details to anyone who asks for them.

    Paris because even she wouldn't be that stupid ................. or maybe................

  24. Tony Flaherty
    Coffee/keyboard

    had loads here as well

    lots of em in our spam system, many to recipients with different names in the email body, although interestingly the names were correct for employees here.

This topic is closed for new posts.

Other stories you might like