Phishers jump on HMRC tax blooper
Phishers have been sending out emails based on the tax blunder affecting millions in the UK.


Fraudsters have leapt on the chance to initiate a phishing scam based around the tax error debacle.
Millions are thought to have paid the wrong tax and HM Revenue and Customs (HMRC) will be contacting the affected people this month, but only via post.
Phishers, as is often the case, have made the most of a big news story and sent out messages pretending to be from HMRC.
"Tax refund scam mails have been popular for a long time, but in the current climate of 'our tax office has screwed up in spectacular fashion' it seems phishers will be giving it some serious attention," said Christopher Boyd, Sunbelt Software's senior threat researcher, in a blog post.
One email intercepted by Sunbelt took the target to a fake HMRC website, asking for personal data, including a full name, address, phone number and mother's maiden name.
The page also auto-filled a tax file number box in its bid to convince users of the site's supposed legitimacy.
Boyd said people can expect a "deluge of spam mail with infectious attachments," noting the UK tax office does not send "random emails asking for personal information."
A fraudulent file
Sophos has also spotted similar emails, many containing the subject line "You Have An HMRC Refund" and an attached form that asks for data such as credit card details.
"If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server," said Graham Cluley, senior technology consultant at Sophos.
"You're not going to receive a windfall because of this form - you've just been phished."
HMRC told IT PRO affected people will not be contacted by email or phone, and will not be asked to send personal information to anyone.
Last month, HMRC said it had seen a spike in the number of tax scam phishing emails being reported to it.
It had shut down over 180 websites sending out fake tax rebate messages over a three-month period.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.