HMRC phishing emails are scams where fraudsters pose as HM Revenue & Customs to steal personal or financial information.
These emails promise tax refunds, demand unpaid taxes, or warn about legal action. Scammers use fear and urgency to trick people into sharing bank details or clicking harmful links.
Anyone can be a target, from self-employed workers to large businesses.
If you receive a suspicious email, forward it to [email protected]. You can also report scam texts to 60599.
Creative Takeaways
- Common scams – Tax refunds, urgent payments, NI fraud.
- Red flags – Urgent demands, fake links, poor grammar.
- Report scams – Email [email protected], text 60599.
- Protect your data – Enable two-factor authentication.
Table of contents
1. What are HMRC phishing emails?
Phishing emails are fraudulent messages that trick people into revealing personal or financial information.
Scammers send emails pretending to be from HM Revenue & Customs (HMRC) to steal money, bank details, or login credentials.
These emails may look official, using the HMRC logo, formal language, and urgent messages to create panic.
How do these scams work?
Fraudsters usethe so-called social engineering method to pressure victims into acting quickly.
They claim to be someone else or some different organisation requesting official documents or credentials. They often state things like:
- “You are due a tax refund and need to provide bank details to receive it.”
- “You owe unpaid taxes and must pay immediately to avoid fines or prosecution.”
- “Your National Insurance number has been compromised and needs verification.”
- “HMRC needs to confirm your personal details due to a system update.”
Unfortunately, these scams work really well in some cases, because they exploit fear and urgency.
If you believe the email is real, you may enter sensitive information or click a link that leads to a fake website. These sites look like the real HMRC portal but capture login details and banking information.
2. Common HMRC phishing scams – examples
Scammers use different tactics to impersonate HMRC. We’ll go into more details on how you can spot them, but to actually avoid them, you have to know what they look like.
So, here are some common phishing scams and examples of how fraudsters operate based on our experience with our clients.
Tax refund scams
These emails promise a tax refund to trick people into sharing their bank details. The message usually includes a fake link leading to a bogus HMRC login page that looks like HMRC, but in reality, it’s from that.
Example: “You are eligible for a £532.41 tax refund. Click the secure link below to claim your refund before it expires.”
Good to know: HMRC will never email or text about tax refunds. Check your tax account on GOV.UK instead.
Urgent payment demands
These scams claim you owe unpaid taxes and threaten legal action if you don’t pay immediately. They may demand payment via bank transfer, cryptocurrency, or gift cards.
Example: “You have outstanding tax debt of £2,150. Failure to pay today will result in legal action. Click below to settle your balance.”
Good to know: HMRC will never demand immediate payment via email or threaten arrest.
National insurance fraud alerts
Scammers claim your National Insurance number (NI) has been used fraudulently or is about to be suspended. These emails have fake HMRC reference numbers to appear legitimate.
Example: “Suspicious activity has been detected on your National Insurance number. To prevent suspension, verify your details now.”
Good to know: HMRC will never suspend your NI number or ask you to confirm it via email.
QR code scams
Some phishing emails now useQR codes instead of links to bypass security filters. Scanning the code takes users to a fake HMRC website.
Example: “Scan the QR code to confirm your tax rebate eligibility. This is a secure and encrypted process.”
Good to know: Always go directly to GOV.UK instead of scanning unknown QR codes.
You can see more examples of HMRC phishing emails on the official website.
3. How to identify suspicious HMRC emails and messages
These fraudster go to great lengths to make phishing emails look legitimate. But don’t worry: there are clear warning signs that can help you identify a scam!
Check for red flags, look out for them, and you can prevent yourself falling for them.
One of the most common signs of a phishing scam is poor grammar and spelling mistakes. Official HMRC communications are professionally written and carefully reviewed. If an email contains unusual wording, random capitalisation, or awkward sentence structure, it is likely fraudulent.
Sometimes, these messages arrive from foreign countries, and they don’t pay attention to these details.
Another warning sign is urgent or threatening language.
Scammers create a sense of panic by telling you that you must act immediately (!) to avoid legal action or financial penalties. They want you to react without thinking.
Phrases like “Failure to respond will result in prosecution” or “Your tax refund expires in 24 hours” are common tactics.
The sender’s email address can also be a giveaway.
Official HMRC emails come from addresses ending in gov.uk. A scam email may use something similar but slightly altered, such as @hmrc-taxrefunds.com or @gov-tax.co.uk. If the sender’s address looks suspicious, do not trust the email!
Many phishing emails include suspicious links, attachments, or QR codes.
Clicking on a link in a fraudulent email may take you to a fake website designed to steal your login details. Attachments might contain malware that can infect your device.
HMRC will never send QR codes in emails, so this is a major red flag.
A key indication of a scam is any request for personal details or payments via email or text. HMRC will never ask for your bank details, National Insurance number, passwords, or payment information through these channels.
If you receive a message asking you to provide sensitive information, assume it is fraudulent!
4. How to report HMRC phishing emails
If you receive a suspicious email, text, or call claiming to be from HMRC, report it immediately!
When there is a phishing email alert, forward the email to [email protected]. Do not click any links or download attachments!
There’s a detailed explanation on HMRC’s website about how to report these types of content. UK’s National Cyber Security Centre also gives guided explanation on scams – not just emails, but messages, calls, QR codes, and other types of fraudulent activities.
You can report an online cyber incident on their website. Reporting not only helps you, but also the authorities to protect others from falling victim.
5. How to protect yourself from HMRC phishing scams
Stay alert, and follow these steps to protect yourself from phishing scams:
- Verify emails – Check the sender’s address and visit GOV.UK instead of clicking links.
- Ignore urgent demands – HMRC won’t threaten arrest or immediate payment via email or text.
- Never share personal details – HMRC will never ask for passwords, bank details, or National Insurance numbers via email or text.
- Report scams – Forward phishing emails to [email protected] and scam texts to 60599.
- Use strong security – Enable two-factor authentication and keep software updated.
- Watch for new scams – Scammers change tactics. Stay informed on GOV.UK.
If you’re unsure whether an email is real, think you’ve been scammed, or need advice on staying safe, reach out. It’s better to check than take a risk.
