Data protection and security

How to spot a fake HMRC email

It's estimated that there are over 3 billion emails sent a day by cyber criminals - they are designed to trick you into making a payment or getting access to your accounts. In many cases, these emails look like genuine emails sent by the companies they are imitating.

An email where someone is pretending to be another person or company is known as a phishing email. 

Tip: If you believe an email you have received is not genuine, do not click any links in the email. Instead, you should forward it to HMRC - [email protected]  

 

How can you identify a fake email? 

The sender of the email

Emails that are sent from HMRC will always be sent a from a GOV.UK email address, they will not email you from other domains like Google Mail or Outlook. 

In some cases, the emails may come from an email address that is created to look similar to the GOV.UK or the name of the sender may show as HMRC.

Tip: You should always check the email address itself as the name of the email sender can be easily changed.

The content of the email

HMRC does not send emails informing you of tax rebates or penalties. They will also not ask you for any personal or payment information in an email.

Content in the emails will also be spelt correctly, this is a key indicator that an email may not be genuine.

In the image above, the email contained a linked that includes 'gv.uk' within it, this is an attempt to convince you that the link they are sending you to is an official HMRC page.

Tip: HMRC pages are always hosted on an official GOV.UK URL.  

A sense of urgency to act

The email may also contain a deadline or timeframe that you need to act. They may say your account may be closed or you'll be at risk of a fine if you don't reply with 24 hours. 

In some cases, urgency can be genuine. For example MTDsorted will automatically information you when you've got a VAT return coming up. However, if they are demanding a payment or threatening you with a penalty, this could be a scam.

 

What can you do if you spot a fake HMRC email?

You're able to report suspicious emails directly to HMRC, this will allow them to investigate the email source and pursue things further.

If you receive a suspicious email, you should forward it to [email protected] 

 

How can I tell if an email from MTDsorted is genuine?

✅ We'll always email you from an @mtdsorted.co.uk email address.

✅ We will never ask you for your account password.

✅ Our automated emails (like submission reminders or Government Gateway connection emails) will appear in the Notification Centre so you can quickly identify if they are from us.

How can I verify an email from MTDsorted is genuine?

 

Bringing it all together

Here's an example of an email that was reported to us, we've highlighted a few of the key points we used to help identify that the email was not genuine.

❌ The sender email address was from an .fr email address, HMRC will always email you from an email address ending with .GOV.UK.

❌ A sense of urgency in the subject line and in the body of the email. The deactivation message at the bottom also does not relate to the rest of the content in the email.

❌ Dear valued customer, HMRC will not address you like this in an official email.

 

You can read more about this by following the HMRC guidance:

 

Posted 3 weeks ago by Stuart
Last updated 2 weeks ago