November 23, 2018

Good day, welcome to another bulletin from Breaking Scams…


Scam, just in…


The HMRC are a firm favourite of the cyber-scammer. They love to use the UK Government as a trusted source to try and scam us out of our hard-earned cash. In the past, phishing emails would come out on a regular basis purporting to be from HMRC. Often the emails would be along the lines of:


“We have detected you have overpaid tax”

 “Click here to reclaim your overpaid tax”


This is obviously a scam, after all, how often do we get real emails from HMRC offering to repay tax? However, in March 2018, HMRC received 84,549 phishing reports, with such a large trawl, the phishers are bound to catch some fish.


The scammers at it again. This time they are using phone calls to try and trick us. Phone-based phishing is also known as “Vishing”, that is, the phone version of an email phishing campaign. This week, a colleague received a voicemail on their mobile, it said this:


“I’m calling about a fraud case registered under your name. You have to press 1 to get connected to an officer of Her Majesty’s Revenue and Customs. In case you don’t press 1 and your call is not connected to us, then a warrant will be issued under your name straight away and you will get arrested shortly”

You can listen to the audio received, below:


Yes, the English was not great, and yes, they foolishly chose an automated U.S. voice for the message, not a UK accent – signs this is not a real HMRC call.


Other methods that HMRC scammers use to make you react include:


  • Fear – the voicemail left a threat at the end about being arrested if you do not act FAST!
  • Trust – the HMRC is a known UK government organization that we (tend to) trust.
  • An action that has a general truth to it – we normally pay our taxes, the scammers are hoping to prey on your sense of civic duty to react (did you forget to pay, could this be real?)


What to do if you receive an HMRC call or voicemail like this?


The example above was a call that went straight to voicemail. If this happens to you, do not call the number back or press the button as they ask you to do. Even if, like my colleague, you want to “play” with the scammer, don’t. The number you call may be a premium number that charges your phone account.


If it’s a call you take, and you cannot verify the person’s identity, hang up. HMRC should always be able to quote your taxpayer reference number. In addition, you can always call HMRC directly to check the facts.


Whatever you do, don’t engage the scammer, it is like throwing fuel on a flame.


It is always a good idea to report any fraudulent calls to HMRC. You can send details of any phishing attempt to: phishing@hmrc.gsi.gov.uk


This time, the HMRC scam call was clearly a phishing exercise. However, don’t be fooled, one thing is sure – phishing scams often improve over time – next time the HMRC scam call may sound plausible. This is why it is important to keep security aware and on top of everyday cybersecurity threats.



Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams!

Share this: