It’s not a tax rebate – it’s an HMRC phishing scam

Another HMRC phishing email is doing the rounds. These are by no means uncommon (some 250,000 phishing emails purportedly sent by HMRC were reported between 2012 and 2015), but are clearly successful enough to be worth it for criminals.

The Malwarebytes blog reports that the latest example offers the promise of a tax rebate if you fill in a form with – you guessed it – all of your personal information, including your address, email address, phone number, bank details, credit card details and mother’s maiden name – a common two-factor authentication question. It also asks for your HMRC password for good measure.


[Image: Malwarebytes]

Needless to say, if you receive such an email, you shouldn’t enter your personal data.

Click here for a handy infographic about the threat of phishing >>

HMRC updated its guidance on recognising phishing emails last month, and notes that it never sends tax rebate notifications by email. It asks that if you receive a fraudulent email you report it to

The danger of phishing to businesses

As well as opening up the opportunity of identity fraud, phishing attacks potentially compromise all your online accounts – depending on how assiduously you apply password best practice and rely on robust information security practices. If you’re concerned about your staff’s susceptibility to phishing attacks and the danger to your corporate information, you may be interested in the following:

  • Our Employee Phishing Vulnerability Assessment will identify potential vulnerabilities among your employees and provide recommendations to improve your security, giving you a broad understanding of how you are at risk and what you need to do to address these risks.