Self Assessment customers warned about scammers posing as HMRC

Self Assessment customers should be alert to criminals claiming to be from HM Revenue and Customs (HMRC). As the department issues thousands of SMS messages and emails as part of its annual Self Assessment tax return push, HMRC is warning customers completing their returns to take care to avoid being caught out by scammers. The annual tax return deadline is on 31 January 2021.

The department knows that fraudsters use calls, emails or texts to contact customers. In the last 12 months, HMRC has responded to more than 846,000 referrals of suspicious HMRC contact from the public and reported over 15,500 malicious web pages to internet service providers to be taken down. Almost 500,000 of the referrals from the public offered bogus tax rebates.

Many scams target customers to inform them of a fake ‘tax rebate’ or ‘tax refund’ they are due. The imposters use language intended to convince them to hand over personal information, including bank details, in order to claim the ‘refund’. Criminals will use this information to access customers’ bank accounts, trick them into paying fictitious tax bills or sell on their personal information to other criminals.

HMRC’s Interim Director General for Customer Services, Karl Khan, said:

“We know that criminals take advantage of the Self Assessment deadline to panic customers into sharing their personal or financial details and even paying bogus ‘tax due’.
 
“If someone calls, emails or texts claiming to be from HMRC, offering financial help or asking for money, it might be a scam. Please take a moment to think before parting with any private information or money.”

Pauline Smith, Head of Action Fraud, said:

“Criminals are experts at impersonating organisations that we know and trust. We work closely with HMRC to raise awareness of current scams and encourage people to report any suspicious calls or messages they receive, even if they haven’t acted on them, to the relevant channels. This information is crucial in disrupting criminal activity and is already helping HMRC take down fraudulent websites being used to facilitate fraud. 

“It’s important to remember if you’re contacted out the blue by someone purporting to be from HMRC asking for your personal or financial details, or offering you a tax rebate, grant or refund, this could be a scam. Do not respond, hang up the phone, and take care not to click on any links in unexpected emails or text messages. You should contact HMRC directly using a phone number you’ve used before to check if the communication you have received is genuine.

“If you’ve been the victim of fraud, contact your bank immediately and please report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040.”

Customers can report suspicious activity to HMRC at phishing@hmrc.gov.uk and texts to 60599. They can also report phone scams online on GOV.UK.

HMRC is also warning the public to be aware of websites that charge for government services – such as call connection sites – that are in fact free or charged at local call rates. Other companies charge people for help getting ‘tax refunds’. One way to safely claim a tax refund for free is to log into your Personal Tax Account.

HMRC has a dedicated Customer Protection team that identifies and closes down scams but asks the public to recognise the signs to avoid becoming a victim. HMRC regularly publishes examples of new scams on GOV.UK to help customers recognise phishing emails and bogus contact by email, text or phone.

Business Against Scams live online session

Following the success of the online "Friends Against Scams" sessions aimed at communities and individuals, Buckinghamshire and Surrey Trading Standards are now launching a special programme aimed at businesses and the charity/voluntary sector.

The programme is suitable for anyone within a business/organisation that has the authority to make financial decisions or has access to private business/company/organisation information.

These sessions aim to:

• raise awareness of scams targeting businesses
• help businesses prevent themselves from becoming the victims of such scams

The first session is on 24th November at 10:30 and should take just over an hour, depending on how many questions are raised.

Highlights will include government grant and tax rebate scams, CEO fraud, invoice/mandate fraud and tech support scams as well as providing more general practical steps for reducing risks from scams.

Businesses are very welcome to join the programme.  Those interested in attending the session on 24th November should email Natalie Webb to book a place: natalie1.webb@surreycc.gov.uk

If that date doesn’t work for you, interested businesses can contact Natalie to pre-book for our next Business Against Scams live online session on 26th January 2021.

Thames Valley Police Cyber Protect - latest guidance

TVP has recently issued the last newsletter for 2020 packed with information on cyber security matters. It offers a wide range of up to date cyber guidance to the public, private and charity sectors in the Thames Valley. Well worth a read. 

Finally, taken from the TVP newsletter, here are some basic security protection pointers:

• Agree to secure processes between employees internally and externally around financial transactions. This might include verifying through other trusted channels, and segregating duties
• Defend against phishing. Avoid clicking on attachments or links in emails you aren't expecting. These can contain malware which gives access to monitor accounts/steal information. In general, it's also good practice to be suspicious of any correspondence asking you to act urgently with a veiled threat e.g. "send these details within 24 hours" or "you've been a victim of crime, click here immediately". More information can be found via the NCSC. https://www.ncsc.gov.uk/
• Prevent malicious software (malware) infections. Using antivirus, firewalls, and other tools to scan computers and devices regularly can prevent malware from giving attackers unauthorised access to your systems.
• The importance of updates. Keep your personal and business computers updated with the latest security fixes. Guidance on vulnerability management can be found via the NCSC. https://www.ncsc.gov.uk/
• Spread the word. Staff awareness and experience is key to increasing your resilience. Regular training and communications about the issue should be an organisational priority. Although email is a major attack vector, also be aware of other communication methods as they can all be abused for fraudulent purposes.

Source SWROCU

Please stay protected!