Springfords LLP News

To receive our quarterly e-newsletter filled with the kind of news you can use, register here.

HMRC (and other) email scams

21 January 2016

With the tax return deadline looming, it’s the time of year for scammers to send out fake emails, supposedly from HMRC, promising a tax refund.

The emails will usually look genuine, complete with high quality HMRC logo, official sounding reference numbers and from an email address ending in ‘’ (although the language is often a bit odd – e.g. ‘your fiscal activity’).  They usually contain a link to a website asking you to fill in bank or other personal details to claim your refund.  It is these personal details the scammers are really after, in order to provide them with ammunition for identity and other frauds.

The fake website the emails direct you to will often look very much like a page from the official HMRC website.

HMRC have some examples of emails and fake websites on their website here 

So, how can you tell if an email supposedly from HMRC is fake?

Thankfully this part is simple – HMRC never contacts taxpayers who are due a refund by email – these notifications are only sent by post.  (It’s also worth knowing that HMRC also never contacts taxpayers about refunds by telephone or via third party companies).  In short, if it doesn’t come in the post from HMRC, it’s fake.

Other scams to watch out for:

Email scams seem to be becoming more and more frequent these days, and the scammers are good at coming up with new tricks…

For example, at Springfords, we've received a number of ‘fake internal emails’ recently, seeming to come from a senior colleague.  They will come complete with genuine email footer and language (they will have been copied from a genuine email the scammers have got hold of from somewhere) and will be targeted at someone in the accounts department (it’s easy for a scammer to find out who deals with payments to suppliers in an organisation – usually a quick phone call asking who deals with purchase ledger payments will be all it takes).  They ask for the recipient to make a payment to some supplier with the following bank details, and, for some plausible sounding reason, the payment needs to be made urgently. 

These have been termed ‘whaling’ fraud emails because, instead of regular ‘phishing’ emails which target lots of smaller fry, they are specifically targeting ‘one big fish’ in an organisation.  Watch out for them!  It’s a good idea to have a policy never to make any payments from your organisation solely on the back of an email.

Finally, another favourite that we’ve been seeing a lot of recently is emails that appear to come from the photocopier/scanner from ‘’ or similar.  These emails will tend to have a Word / Excel or zipped attachment rather than the usual PDF.  The attachments are, of course, fake and will contain viruses or other malware enabling the sender to gain access to your PC if opened.  The clues here are the type of attachment and the fact that they will be different from the usual emails you get from the photocopier after scanning.

As always, vigilance and awareness of the potential issues is key to defending yourself from these attacks – stay safe!

For more information, contact Paul Hutchison at

Contact Us
  terms & privacy
Part of Baldwins