Criminals are currently targeting UK citizens with phishing emails, claiming to be from HM Revenue & Customs giving update on your tax refunds.
The email subject line is “Limitations to your Tax Refunds”, and the message body contains the HM Revenue & Customs logo, with body text: Tax Refund Confirmation.
HM Revenue & Customs is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account (error code : 00562), and we need more information to help.
The email then invites you to click on a link in the message body to update your information to remove the limitations to your account.
Do not click on the link, it is redirecting you to a phishing site.
HM Revenue & Customs Tax Refund Scam Email
The scammers are trying to outsmart us though, as they are saying in their email that clicking the link will not take you through to hmrc, but a secure website at a bank. If you hover above the clickable link, you will see that the website address is:
You can report the email by forwarding it to email@example.com. We have reported, but the more reports the better.
For more information about email scams and phishing attempts involving the HMRC, have a look at the HMRC website.
When clicking the link you are taken to a fraudulent “holding page”, which shows a selection of banks, trying to give credibility to their email and request for personal and confidential information:
Tax Refund scam redirect
Although the page did have the HMRC logo in the corner, but although the site looked quite convincing it did not look very professionally made, like you would expect of a real website set up by HMRC. A good thing can not be repeated too much: Do not give away personal and confidential information online. HMRC or your bank would never ask you to do this, only scammers and criminals do.
Tips to spot phishing emails
- Request you to supply personal information directly into the e-mail or submit via website,
- Threatens to suspend or close your online accounts if you do not respond for the email,
- Claims that your account has been compromised or accessed by un authorized person,
- Requests you to enter, validate or verify your account information,
- States that there are unauthorized charges on your account and requests your account information,
- Claims that the bank has lost important security information and needs you to update your information online,
- Requires you to enter your card number, password, user ID or account numbers into an email.
Protect yourself from email frauds
- Never click on Hyperlinks within emails, instead, copy and paste them into your browser,
- Do not open any file attached to the email,
- Always look for “https://” and padlock on web sites that require personal information,
- If you didn't initiate a transaction to which an email is referring, it's probably a scam,
- Never respond to spam / suspicious email or emails from unknown senders,
- Do not supply your personal / Bank account information to strangers, they are most likely scammers.