KIS Bridging Loans
Presented by KIS Finance
Don't be Cheated by the Annual HMRC Tax Scam!

The deadline for self-assessment tax returns and to pay the tax you owe is the 31st January, so a lot of people are busy filling out tax return forms and sending them online to HM Revenue and Customs (HMRC). HMRC is the UK’s authority for tax, payments and customs with the purpose of collecting the money that pays for the UK’s public services.

With it being a busy time of the year for them, it also makes it one of the busiest times of the year for HMRC tax rebate scams, next to the end of the tax year in April.

This is where fraudsters contact victims, claiming to be from HMRC, and claim that they have paid too much tax and are due for a refund.

This isn’t a new scam, it is used by fraudsters year after year, but it is important that you are aware of them and you know how to identify them.

The two most common methods of contact that fraudsters use are emails and text messages, known as phishing scams.

It states on the website “HMRC never send notifications of a tax rebate or ask you to disclose personal or payment information by email or text message.” This is an important thing to remember.


Email Scams

Email phishing scams are one of the most common online scams as they are easy to create and fraudsters can send out thousands at a time.

Fraudsters usually get hold of people’s email addresses when data is stolen or bought from various companies with customer data, or, commonly from social media sites.

Fraudsters can use a private email account and spoof the sender email address and display name to make it appear like the email has come from HMRC.

According to HMRC, this is a small selection of email addresses that fraudsters have been using to distribute the phishing emails so it’s important to keep an eye out for these;

As you can see, they all look very realistic. HMRC do use the domain ‘’. So, number one, people could easily be fooled into thinking it’s a real email and, number two, the email can easily bypass any spam filters.


What’s in the Email?

  • Logo: Fraudsters will commonly steal the company logo to display at the top of their phishing email. This is to make the email appear legitimate as a lot of people may see the logo and immediately assume it is genuine.

  • Message: Within the message, they will usually tell you that they have calculated your fiscal activity for the year and you are now eligible for a refund as you have paid too much tax. The figure will usually be in the 100’s to make the offer enticing enough for people to want to make the effort to receive it.

  • Link: Most phishing emails will include a link to a bogus website that they have created.

  • Attachment: Some phishing emails may attach a PDF file instead of a link. They will urge you to download the file onto your device and insert your personal information to claim your refund.


What’s on the Website?

  • Design: The fake website will be designed to look as similar to the real HMRC as possible. They will use the same colour scheme, font and,  just like the email, they will steal the logo to display at the top of the site.

  • Tax Refund Number: They are likely to display a fake tax refund number at the top. This is another step to make the site look as genuine as possible – having a refund number will make it look like it has been personalised to you.

  • Personal Details: They will request that you enter all sorts of personal information so the refund can be processed. Fraudsters will usually steal this information to further defraud you.

  • Card Details: They will also ask you to enter your bank card details so they can transfer the money to this account. Notice that they ask for the card number, expiry date and security code instead of the sort code and account number. So, obviously they are actually going to use these details to steal money from your account instead.


Signs to Look out For

Phishing emails are being continuously developed by fraudsters and they are now looking even more slick and sophisticated. Despite this, there are still certain things for you to look out for that will tell you that it is a scam.

  • Sender’s Email Address: As stated previously, fraudsters can spoof display names and sender email addresses so they look like they have come from a legitimate source. It is important to check it very carefully.

  • Greeting: Fraudsters often send out thousands of phishing emails in one go, so even though they have your email address, it is very unlikely that they have your name. It is even more unlikely that they will spend the time personally addressing every email. They begin the email with ‘Dear (your email address)’ or ‘To our customer’. So, if the greeting is generalised, it is a good sign that it is a scam.

  • Request for Personal Information: HMRC have stated that they will never send their customers emails asking for any form of personal information. If this is required, it will be either done over the phone or via post. HMRC will also never use emails to:

    1. Offer you a repayment of any kind
    2. Notify you of a tax rebate/refund

  • Urgent Language: If the message in the email appears to be demanding and aggressive, urging you to click on the link as soon as possible, it is a common sign of a fraudster. They often want action as soon as possible so they use phrases such as ‘urgent action required’ and ‘you only have 3 days to respond’. If this was a real tax refund, it wouldn’t be that urgent.


What to do if you Receive a Phishing Email

If you receive a phishing email related to HMRC, you should forward it (without clicking on any of the links) to and delete the email. This will help to assist with HMRC’s investigations into fraud.

Alternatively, you can report the email to Action Fraud UK.


Text Message Scams

phishing sms

HMRC only very occasionally issue text messages to their customers. This is often for debt management purposes where they will text customers explaining what they need to do if they are behind with payments. 

HMRC have stated that “these messages will neve request personal or financial information”.

Just like scam emails, the fraudsters are able to spoof the display name to show ‘HMRC’ instead of a phone number. According the, people are 9 times more likely to fall for SMS scams than any others as they can appear more legitimate.


What’s in the Text?

  • Message: Similar to the email scam, in the message they will say that you are due for a tax refund and show a figure that you are owed. This figure will usually be quite large to tempt you.

  • Link: The text message will also include a link to a fake website that they have created to look like the homepage of HMRC. This is where you will be asked to fill in your personal information and bank card details so they can transfer the refund to you. Of course this is not the case, and the information it actually used to access your bank accounts to steal money and potentially further crimes under your name.

These scams are fairly straightforward and can easily fool people as there isn’t a lot there to make it look like a scam. But just remember the most important thing that HMRC will never contact you in this way to offer you a tax refund.


What to do if you Receive a Phishing Text Message

If you receive a scam text message relating to HMRC, then you can forward the details of the text to 60599.

Alternatively, you can email or report it to Action Fraud UK.


Cold Calls

There have also been cases reported of fraudsters cold calling their victims instead of texting or emailing. The fraudster will call from an untraceable phone number and they will request that you give them your personal information and bank card over the phone so they can process the tax refund.

There have also been cases where fraudsters have claimed to their victim that HMRC is filing a law suit against them for failing to make payments. They urge that you must make an immediate payment to rectify the situation.

If you can’t verify the identity of the caller, then you should hang up the phone immediately.


Social Media Scams

Another HMRC scam to be aware of is via social media direct messaging, they have been identified on both Facebook and Twitter.

Fraudsters are messaging people directly making the same tax refund claim.

These messages will never be from a genuine HMRC account as they would never contact their customers with this method.

If you receive one of these messages, don’t engage with them and report it to HMRC.


What if you Have Given your Information to a Fraudster?

If you think you have given any of your personal or banking information to a fraudster in response to a scam email or text message, then you can contact the HMRC security team.

You should include very brief details of the information you have given, such as your name, email address and bank card number (but don’t disclose your details in the email).

Contact them via:


Find it useful? Please share!

Subscribe for Updates

We will email you monthly details of our latest:

  • Business and consumer guides
  • Finance news
  • Information and awareness about the latest frauds and scams, to help you avoid them.  
I want to receive email updates

By submitting your email, you agree to our Terms and Privacy Notice. You can opt out at any time.