The self-assessment tax return deadline is fast approaching. This can be a stressful time for businesses, especially if you handle your own accounts. Sadly, criminals are only too quick to take advantage of this pressured time of year.
Tax season presents a golden opportunity for fraudsters. Knowing that you are expecting contact from HMRC, they will often pose as the organisation via emails, text messages and phone calls.
Their goal is to trick you into giving away account information, or to convince you to transfer money directly. This practice is known as phishing, and it is by far the most common form of fraud directed at businesses. Last year, 83% of breaches detected by UK companies were phishing scams.
These scams are becoming more sophisticated every day and, with the average security breach costing £2,670, getting caught out can be extremely costly. Luckily, there are some simple steps you can take to stay safe.
Be on the lookout for red flags
Most HMRC scams will use one of two tactics. They will try to scare you with threats of a large fine, or tempt you with promises of a generous rebate. Look out for anything that seems overly threatening or too good to be true. Other common warning signs include:
- A message that you weren’t expecting.
- Requests for personal information such as bank details.
- Any attempt to make you transfer money.
- An email address that appears official but is fake on closer inspection. Real HMRC emails use a gov.uk suffix, so be on the lookout for variations such as hmrc.com and hmrc.co.uk.
Never click a link or open an attachment in an email or text message unless you are sure that it is genuine. If you have any doubts, it’s best to contact HMRC directly. Logging into your self-assessment account or calling the HMRC helpline will allow you to check the authenticity of any messages you have received. The key is not to use the contact details within the suspicious communication.
How to report a scam
Spotting a scam is only the first step. The best way to ensure it doesn’t happen again is to report it to HMRC. Suspicious emails and phone numbers can be forwarded to phishing@hmrc.gov.uk. You can also forward SMS messages to 60599. HMRC will investigate these reports and add the email addresses and phone numbers to its list of known scams.
Other scams to look out for
Criminals will use similar tactics to pose as other organisations. Common examples include:
- Messages from Royal Mail, DPD or another courier claiming you have missed a parcel delivery. These will usually give you a fake tracking number and direct you to a website to organise a redelivery. Rather than following this link, you should go straight to the courier’s official website and enter the tracking number. This will tell you if it’s real or not.
- Messages from Companies House that mention a late filing penalty or ask for your authentication code. As with HMRC scams, the government has a dedicated email address for Companies House scams. Suspicious emails can be forwarded to phishing@companieshouse.gov.uk.
What can you do to protect your business?
Guarding against phishing is a two-step process. You need to make sure your cybersecurity measures are up to scratch while also training your staff to recognise scams.
If you haven’t updated your antivirus software in a while, you should make this a priority. A good antivirus program will flag many suspicious emails before they reach your inbox. If colleagues are working from home, you should also make sure they have adequate antivirus software on their own computers.
Even with the best software, some fraudulent emails will still get through. This means that training is also vital. Save any examples of scam emails and show them to your employees. Highlight the suspicious elements so they can spot them next time. Some companies even carry out phishing drills – sending simulated phishing emails to employees as practice for the real thing.
As online accountants, we deal with HMRC every day. This means that spotting scams is second nature to us. If you’ve received a suspicious message from HMRC or anyone else, don’t hesitate to get in touch and we will use our experience to help you manage your response.
