British tax payers struck by phishing scam

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Metro newspaper

British newspapers are warning their readers of a phishing scam that has been spread via spam email, telling recipients that they have been awarded a tax refund from the HMRC (Her Majesty’s Revenue and Customs).

The phishing attacks have been seen arriving from faked addresses such as [email protected] or [email protected], and the fact that it is being seen so much now is no surprise. January 31st is the deadline for self-assessment forms to be filed with the HMRC, and some taxpayers will be hoping for a rebate.

Of course, for many people it’s a dream come to true to think that they might actually be getting some money back from the tax man rather than having to give money to the Inland Revenue, so it’s not surprising if people might eagerly click on the link without thinking of the possible consequences.

Sign up to our free newsletter.
Security news, advice, and tips.

The HMRC has warned the British public of the threat, and posted information on its website. They emphasise that while they might send tax payers emails from time to time, they would never do so requesting login, bank or credit cards details.

Furthermore, the HMRC says it would always inform tax payers of rebates via post – and not by email.

HMRC phishing email

What’s that old saying? In this world nothing can be said to be certain, except death and taxes? Maybe they should add a third certainty: phishing.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.