How To Spot HMRC Scam Emails

It's a problem many of us have faced - is this email I've received from 'HMRC' a scam?

One of our clients reached out to us with a suspicious email they received from 'HMRC', and we want to use it as an example to show you 3 ways to quickly spot whether an email is genuinely from HMRC or whether it's a scam.



Email Example

As you can see the email looked as though it was from Gov.UK and was offering the recipient a tax refund that they hadn't expected, providing they filled out a required form.

So, let's dive into the email and spot some key evidence as to why this email from HMRC is a fake.


Evidence 1: Who Is The Email For?

If the email doesn't address you by your first / full name, there's a high chance it's a scam.

Scam emails that you receive will be sent via a system, rather than a person. This system has trawled through the internet searching for email addresses that are linked to some sort of business website.

The system then imports this information into an email template and autofills 'Hi, [insert-name]' with thousands of email addresses.

This helps to personalise the email in an attempt to avoid the spam folder. 

But knowing this bit of information suddenly makes scam emails really easy to spot. If the email greets you with your email address, rather than your name, it's probably a scam.

Caution

Scam email is so prevalent because it doesn't take long to find an email address. However, some high-end systems will find a name that is linked to the email address and send the scam email to you personally by your first / full name - these are harder to spot as they look more legitimate.


Evidence 2: Who Has Sent The Email?

This one is a really easy check and will confirm any of your suspicions about whether the email is a scam or not. 

The name on the account will look legitimate - in this instance it's 'Government Gateway-HMRC'. However, when you dig a bit deeper and view the actual email address that sent the email you will find your answer: 

<kwskoai@canadiannanny.ca>
Date: 9 June 2017 at 20:21:57 BST

I'm not sure any Canadian nanny works for HMRC, nor has the power to refund my tax. This email is definitely a scam.

Caution

Sometimes, the email address might not be so obviously fake. A quick Google search of the email address will help you understand if the sender is legitimate or not.

In this instance a Google search shows that Canadian Nanny are a legitimate and reputable online business - they probably aren't sending this email.

Instead, a system has identified that their website URL (canadiannanny.ca) isn't used in their email address (@careguide.com) - meaning that the URL gets a big thumbs up from search engines and is free to register as an email address. If the system uses their URL as an email address, the emails will probably avoid the spam folder.


Evidence 3: Where Does The Link Send You (DON'T CLICK!)

Without clicking the link - you can find out where this email is trying to send you.

If you hover over the link with your mouse, the website address that the text links to will appear somewhere at the bottom of the screen.

If the website address doesn't look like the real GOV.UK login portal - it's a scam email. Here's the URL from our example email:

If you're still not sure, enter part of the website URL into a Google search and see what comes up (e.g. mirnogotkov - not the entire URL).

Our find - a Russian nail painting website.

Caution

In this email there is no direct instruction to 'click the link' - it simply states that there is a form to fill in to get your tax refund. Which is technically true at the real HMRC...

Most people will click this link out of habit though - without being instructed to do so in the email - which is key to their tactics!

It will be hard to prove an email like this tricked you into handing over your personal details - seeing as it never asked for them in the first place.
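
The three checks above can also be run over a saved copy of a message. The script below is an added example, not part of the original article: it assumes genuine HMRC senders and links sit under gov.uk, and the sample message is constructed, with a placeholder link host rather than the real URL from the scam email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the email in this article. The link host is a
# placeholder, not the real URL from the scam email.
SAMPLE = """\
From: Government Gateway-HMRC <kwskoai@canadiannanny.ca>
Content-Type: text/html

<p>Hi, jane@example.com</p>
<p>You are due a refund. Please complete the
<a href="http://refund-form.example.net/login">GOV.UK refund form</a>.</p>
"""

TRUSTED = "gov.uk"  # assumption: genuine HMRC senders and links sit under gov.uk

def under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):  # collects the href of every <a> tag (what hovering reveals)
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw):
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []  # single-part message assumed
    # Evidence 1: the greeting is an email address rather than a name.
    if re.search(r"\b(hi|hello|dear)\b[\s,]*[\w.+-]+@[\w.-]+", body, re.I):
        findings.append("greeting-is-email-address")
    # Evidence 2: display name claims HMRC, actual address is elsewhere.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    if re.search(r"hmrc|gov", name, re.I) and not under(domain, TRUSTED):
        findings.append("sender-domain-mismatch:" + domain)
    # Evidence 3: link targets that are not under gov.uk.
    links = Links()
    links.feed(body)
    findings += [f"link-off-domain:{h}" for h in
                 (urlparse(u).hostname for u in links.hrefs) if not under(h, TRUSTED)]
    return findings
```

Calling `check_email(SAMPLE)` returns one finding per failed check, and the suffix match in `under()` means a lookalike host such as `gov.uk.example.net` is still flagged.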


What Happens If You Click The Link?

We can't say for sure, but clicking the link probably won't cause you much harm. It will notify the sender that you engaged with the email and are open to receiving more emails from them, but you haven't handed over any more data than what they already have - your email address.

So don't lose too much sleep if you've clicked the link - the problems come when you enter your details after clicking the link, or download a file onto your computer.

In the latter instance, we'd recommend getting an IT specialist to give your computer a check over for any viruses or malware.