Small firms have been the victims of fraudulent emails purportedly sent by HM Revenue and Customs (HMRC).
The bogus emails attempt to persuade them to hand over confidential information with the promise of a tax rebate.
At the beginning of January, HMRC was said to be receiving thousands of reports a week from taxpayers about a number of tax email scams. Even now businesses and individual taxpayers are passing on information to HMRC about illegal emails at a rate of about 300 a week.
The police believe that fake emails aimed at small firms and taxpayers now constitute the largest single type of online crime.
The scam emails work by directing recipients to a web page that appears identical to the HM Revenue and Customs site with the inducement of a substantial tax refund.
The fake page is particularly misleading since it uses the same graphics and stylesheets as the actual HMRC site, the aim being to secure the name, address and credit card details of users.
Stephen Alambritis of the Federation of Small Businesses said: “They are very plausible and at a time when businesses need all the cash they can get, the prospect of a tax rebate is attractive. It is very worrying. We have been surprised and worried by the way the scams are organised.”
However, the promise of a non-existent tax rebate is not the only scam being run by criminals pretending to represent HMRC and targeting small businesses in the hope of getting people to disclose details that would enable the fraudsters to gain access to bank or business accounts.
HMRC has warned that although these fraudulent emails may contain the HMRC logo and other details, they are fake and recipients should never respond to an email which asks for personal information. The tax authorities said that, while they may send emails from time to time, they would never do so requesting login, bank and credit cards details.
HMRC has published a series of pointers that will help people spot a fraudulent email. These include: the padlock – anyone logging on to HMRC Online Services is always in a ‘secure session’, shown by the padlock in the bottom right hand corner of the web browser; fraudulent emails are not normally addressed to someone personally, and they can be missing addressee details; look out for the name – HM Revenue and Customs was formed in April 2005 following the merger of Inland Revenue and HM Customs and Excise departments, and those former departmental names no longer exist; embedded links – since the email may include a link that leads to a website that may appear genuine but is fake, hovering the mouse pointer over the link will show the real address to which the recipient is being directed.
Anyone who believes they have been sent a fraudulent email should report it to HMRC at phishing@hmrc.gsi.gov.uk
