The Tax Refund that could COST a lot!

Today I got an email in my junk folder (I always keep an eye on it, as occasionally some good emails do find their way into nowhere land). The subject was “Automated Tax Refund”.

The email was set up to look like it had come from HM Revenue & Customs (HMRC), including official headers and logos, and the sender's name had been set to look like it came from HMRC.

Tax Refund Notification
After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive tax refund of 348.50 GBP.
You are require to submit the tax refund request using the tax refund reference below and allow up 6-9 working days in order to process it

LINK REMOVED

Note : A refund can be delayed for different reasons, for example submitting invalid records or applying after deadline.we apologise for any inconveniences and thank you for your co-operation.
Yours Sincerely
HM Revenue & Customs

However, alarm bells started to ring.
1) How would they have my email address? HMRC usually send letters out in the post, even for a tax refund, to say a cheque is on its way.
2) Although it had come to my main email account, nowhere in the email does it in fact state my name or any kind of identifying ref number.
3) The email asked me to use the link on the email to visit their site, to claim my refund.
A quick search on Google confirmed for me that this was in fact a phishing scam. Basically someone is trying to Phish / fish for your details, be they password and username to sites or, in this case, bank details. This kind of email happens a lot under different guises. In the past I’ve had eBay and PayPal – there’s a problem with your account, please log in here and confirm it’s ok…. Or banks saying you need to activate your online banking by logging in via this link.
If you receive an email along these lines or are unsure of how legit it is, then DO NOT USE THE LINK on the email.
Things you could do
  • Google part of the email to see if anyone else has had this scam.
  • Go to the site in question, i.e. eBay, PayPal, your bank, as you would normally and check your account. If a message has been sent from them (highly unlikely), there will be a record on the site.
I have Norton 360, which automatically put up a block saying this site had been reported as being fraudulent. Not everyone uses Norton, so…
For the benefit of this blog, and to save you from having to, I clicked on the link. Rather than taking me to the HMRC site, which you would expect if this had been real, I got a list of different bank logos to select from.

I picked one randomly just to see what happens. You are then taken to what I presume is a mock-up of your bank's log-on screen and asked to log in.

If I had actually logged in, the sender of the mail would now have my log on details to my bank account and the ability to make payments to whoever they want (not that they would have got a lot from me haha).

No legit company would be offering a refund into your bank account like this without actually checking you are who you say you are (No details on the email or on the link).

Please read emails carefully, if you think it’s too good to be true, it probably is. Check if other people have had similar emails by searching the net. NEVER EVER give out bank details, passwords, or personal info unless you are certain you are on the official site and not a very clever mock-up or you could be stung.

PS. Apparently there is an identical mail being sent to Americans as though it’s from the IRS rather than HM Revenue & Customs. Beware the global Internet means we have Global phishing too.


I am Pippa and I have run Pippas Web - web design for small businesses for 13 years. I help small business owners find their bit of cyberspace. I provide the technical know-how, so they can get back to running their business. If you like what I write in my blogs, you can sign up to my newsletter for more tips straight to your door. All list members get a copy of "How to get your business seen online in 2021".