Beware of HMRC Corona Virus Spam

Beware, criminal minds are both creative and adaptable. Not only are there people selling fake vaccines face-to-face, but online fraudsters are circulating a new HMRC scam.

What are the details of the coronavirus scam?

An online security company, Mimecast, is recording an ever increasing number of these new phishing emails. They claim that HMRC have set up a new tax refund programme in response to the economic consequences of the coronavirus.

To add extra legitimacy to their claims, it says the new scheme is “in cooperation with National Insurance and National Health Services”. Recipients of these fake emails are directed to a phishing website that carries the HMRC logo and other realistic Gov.UK branding. People are then asked to give all the personal details the criminals need to break into their bank account or buy things using their money. Just the basic details of name, phone number, address, bank card number and mother’s maiden name are enough to enable such crimes, when they are combined.

As Mimecast summarise: “Traditional and already-known attacks are often modified to incorporate current geopolitical events that are taking place in an attempt to lure the vulnerable to click on links in emails or texts. This certainly isn’t the first time we have seen this, as it has also been observed during the Australian wildfires and even Brexit.”

Director of threat intelligence at Mimecast, Francis Gaffney, said: “With panic around the virus continuing to increase, we can expect to see even more attempts by cybercriminals to trick vulnerable people. It is vital that the public do not respond to any electronic communication in relation to monies via email and certainly do not click on any links in any related message.”

He also pointed out that the surge in numbers of people working from home requires extra vigilance around cyber security risks: “Keeping a remote workforce secure requires a lot of preparation from organisations. It means following best cyber security practices and ensuring good cyber hygiene.”

How serious is Covid-19 spam?

Action Fraud say that they received 21 reports of Covid-19 related scams last week. The total amount of money lost to these scammers is £800,000. That one fact alone demonstrates how serious the situation is.

What are HMRC saying?

HMRC’s advice remains the same as ever: “If someone emails or calls you claiming to be from HMRC saying that you are owed a tax refund, and asks you to click on a link or to give information such as your name, credit card or bank details, it’s a scam. Fraudsters use a range of techniques, including emailing or phoning taxpayers and offering a bogus tax refund, or threatening them with arrest if they don’t immediately pay tax owed.”

How do I keep myself safe from these types of fraud?

These criminals are playing on people’s fears, which is easy to do during a worldwide pandemic with all its potential consequences. Especially when an increasing number of people are worried about having a stable income.

You can find out more about the scam and some examples on HMRC’s website and it let’s you report anything you receive as well.

The advice is the same as it’s always been:

  • Think before you click – do not open any attachment or link in a suspicious email
  • Remember that HMRC will never email, text, phone or message you to ask for any personal or financial details
  • Don’t just delete them, report them first. Forward dodgy emails to [email protected]. Forward texts to 60599. You don’t need to open them or click on anything first, just send them. It gives HMRC evidence to fight these criminals and get such organisations shut down.
  • Don’t be scared. This is not something else to be frightened of. You are in control of this situation. You just have to check that anyone phoning, texting or emailing you saying they are from HMRC are legitimate. Hang up and dial a number from HMRC’s website, not a number the caller gives you, and talk to an adviser. Don’t open anything or fill in any online forms with your details, unless you’ve phoned to make sure it’s a real email. You are not going to get into trouble if it really is HMRC, they would prefer you check first.
  • If it seems too good to be true, it probably is. You will not get notice of a tax refund from HMRC by email. Especially if you haven’t actually applied for one.

To stay safe: Be suspicious, think before you click, hang up and check any communication is real with HMRC.


Tony Shanks
Operations Director
Member of the ATT

If you enjoyed this article please share it with your friends:


Tax Refund Calculators

To find out how much you could be owed - CLICK HERE

Back to Top
Back to Top