In the UK, about 4.3 million people are due tax refunds due to computer error and the scammers jumped all over this and are now sending tons of emails out to look like it's from the HMRC and asking for your bank info so they can send the rebate.
This would NEVER happen via email so if you get one of these DO NOT click on any of the links or provide any financial information from a link within an email.
Tuesday, September 7, 2010
Subscribe to:
Post Comments (Atom)
I recieved one of these, luckily my husband used to work for them, and straight away asked the same question as i did, why would they need card details. Going to try and report to tax office.
ReplyDeleteHere is a useful article I found posted just today in the Bridport & Lyme Regis News:
ReplyDelete----------------
A self-employed caterer from Bridport is warning other businesses to beware of a plausible email scam. Sarah Moore, who set up her catering company eight years ago, got the email claiming to be from HM Revenue and Customs promising her a tax refund.
She said: "With all that's been in the news lately about the tax mix up it's not unbelievable. The email had an HM Customs refund address and said I was due £350.80 and it would be put directly in my bank account."
"I got suspicious when it asked for my bank details and I got on to HM Customs right away." The government department wanted her to forward the email so it could be investigated.
Ms Moore said: "I really wanted to alert people to this because not everybody would know not to fill in those details."
They have confirmed it is a complete scam and not to do anything with it but to forward it on so it can be investigated.
"It looked very professional and there are a lot who might fall for it."
"There’s been lots on the news about tax and that people are going to be owed, that's why it is so clever."
The email says the refund might be delayed or lost if the details miss a five to seven day deadline or are incorrect.
If anyone has received a similar email they should forward it to: phishing@hmrc.gsi.gov.uk The scam email has a link to the refund 'site' which now has a warning saying it is a 'phishing' scam.
Lisa Billard of HM Revenue & Customs said: "We only ever contact customers who are due a tax refund in writing by post. We never use emails, telephone calls, or external companies in these circumstances. If customers receive such an email claiming to be from HMRC, we recommend they send it to us for investigation before deleting it permanently."
Between May – July 2010 HMRC shut down more than 180 websites that were responsible for sending out fake tax rebate emails.
HMRC advises customers to:
* check the advice published at www.hmrc.gov.uk/security/index.htm to see if the email you have received is listed
*forward suspicious emails to HMRC at phishing@hmrc.gsi.gov.uk and then delete it from your computer/mail account
* do not click on websites or links contained in suspicious emails or open attachments
* follow advice from www.getsafe online.co.uk
If you have reason to believe that you have been the victim of an email scam, report the matter to your bank/card issuer as soon as possible. If in doubt please check with HMRC at http://www. hmrc.gov.uk/security/fraud-attempts.htm
In August HMRC warned taxpayers in Dorset to be vigilant following reports that thieves are making phone calls pretending to be the taxman.
In the last 18 months, scam networks have been shut down in a number of countries, including Austria, Mexico, the UK, South Korea, the USA, Thailand and Japan.
In September 2009, a record 83,000 phishing attempts were reported to HMRC.
Phishing is a type of attack with the aim of stealing private information, such as login credentials or credit card numbers.
An attacker impersonates a trusted entity, such as a bank, government or large web site, and tries to trick people into giving their private information.
These attacks often take the form of 'urgent' emails asking people to take immediate action in order to prevent some impending disaster.
People who click on the links in these emails may be taken to a phishing site – a web page that looks like a legitimate site they've visited before, but is actually controlled by an attacker.
Because the page looks familiar, people visiting these phishing sites enter their username, password, or other private information on the site. What they've done is given a third party all the information needed to hijack their account and steal their money.