© Crown copyright 2017
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: email@example.com.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/genuine-hmrc-contact-and-recognising-phishing-emails/genuine-hmrc-contact-and-recognising-phishing-emails
1. Current list of digital and other contact issued from HM Revenue and Customs (HMRC)
1.1 HMRC Customer Survey calls and letters
From August 2017, letters inviting households to participate in the annual HMRC Customer Survey are being sent out. The letters include a link to the survey. The letters are being sent by Kantar Public, an independent research organisation undertaking the survey on behalf of HMRC, and will carry HMRC’s logo. Additional letters and postcards reminding households who have not responded to complete the survey will also be sent out in September 2017 with the same information.
Letters to businesses and tax agents requesting participation in the annual HMRC Customer Survey are also being sent out from August 2017. The letters inform customers that they may be contacted by telephone by a representative from Kantar Public, an independent research organisation undertaking the survey on behalf of HMRC.
Whether completed online, on paper or on the telephone, the survey will not ask the customer to provide any personal or financial information.
From September to November 2017, customers may be telephoned by a representative from Kantar Public, an independent research organisation, asking them to participate in a survey on behalf of HMRC about the dealings people have with them. In the survey customers would be asked about their interactions with HMRC, their experiences and general perceptions. The survey will not ask the customer to provide any personal or financial information.
1.2 Research on saving and Help to Save
From August to October 2017, HMRC will be working with Ipsos MORI, an independent research agency, to conduct research on saving and the Help to Save scheme. Ipsos MORI and HMRC will be sending a joint letter to randomly selected individuals who are eligible for Help to Save, inviting them to take part in the research.
A contact name at both Ipsos MORI and at HMRC is provided - in case further information about the research project, or reassurance as to its authenticity, is required. The letter will also direct customers to the HMRC research web page for this purpose.
Customers who wish to opt-out from taking part in the research should provide their name and the reference at the top of the letter by phone or email to Ipsos MORI. No further action is required from customers who are willing to take part. The letter does not request any personal, payment, or tax related information at this stage.
1.3 Helping to improve GOV.UK - emails
Customers who sign up to help improve GOV.UK to make government services better will receive email communications from HMRC. The first email will include a link which should be followed in order to complete the signing up process. The second email, issued after registration, will include a link to a research blog.
Once you have signed up, you may receive emails that include links to short surveys about research.
If you meet the criteria for the research, you’ll receive an email that will invite you to take part. The email will either give you a link to participate online or additional details to participate face-to-face. The emails will not request any personal or financial information. They will all contain a link for you to unsubscribe.
1.4 Research on the barriers to saving for retirement and later life
During August to November 2017, HMRC will be working with an independent research agency called Ipsos MORI. The agency conducts research on the barriers to saving for retirement and later life.
Ipsos MORI and HMRC will send a joint letter to a random sample of customers, displaying the logos of both organisations, inviting them to take part in the research. A contact name at both Ipsos MORI and HMRC is provided, in case further information about the research project is required or if the customer would like to opt-out from taking part.
If the customer does wish to opt-out from taking part in the research, they’ll need to provide their name and the reference at the top of the letter by phone or email to Ipsos MORI. If they’re willing to take part, no further action is required.
1.5 Emails sent to customers promoting Personal Tax Account
Customers who contact HMRC helplines will be asked if they wish to sign up to a Personal Tax Account (PTA). Customers who don’t wish to sign up by telephone will be offered further information by email. If customers agree to provide an email address, they’ll be sent some information by email whilst they’re on the phone. The email provides background information on the benefits of signing up to a PTA and how the customer can go about doing it. The email won’t request any personal or financial information.
1.6 Overseas entities selling e-services into the UK
From October 2016, HMRC will be communicating with businesses based overseas who sell e-services into the UK. The primary method of communicating with these businesses will be via email.
The initial email to them will contain a link to this webpage, so that the recipient can see HMRC is carrying out such communications. These emails won’t ask for personal or financial information.
1.7 Tax credits calls to self-employed customers
HMRC may telephone new or existing self-employed tax credits customers to ask about their self-employment. Self-employed customers who have been receiving Working Tax Credit for a number of years will have received a letter last year to tell them about the new strengthened test for self-employed people. Customers who have made a recent claim for tax credits and said in their claim that they, or their partner, are self-employed, won’t have received a letter from us about this check but we may contact them by telephone first.
In this call, HMRC will ask what trade, vocation or profession the customer undertakes. They may ask questions about the number of hours the customer works as a self-employed person and what type of activity that includes. After the call, they’ll send the customer a letter tailored to their circumstances asking them to provide further evidence of their self-employment.
HMRC won’t ask the customer to provide any personal details such as bank account numbers over the phone.
1.8 VAT EU emails
Some customers that use the VAT EU refunds service may receive an email if their claim has failed validation. The email will provide details explaining why the claim has failed. The emails won’t request any personal or financial information.
1.9 Emails to overseas businesses selling goods in the UK through online marketplaces
From September 2016, HMRC will be contacting businesses based outside the UK who sell goods to customers in the UK through online marketplaces.
The main way we’ll contact these businesses will be by email. The emails will be about their VAT obligations in the UK, and the initial email will explain why we’re contacting them.
The emails will also contain a link to this webpage so the recipients can see that HMRC is using email for this purpose.
1.10 Tax-Free Childcare communications
Communications to childcare providers
From the middle of March 2017, reminder letters are being sent to childcare providers inviting them to sign up to Tax-Free Childcare. Childcare providers who haven’t yet signed up to Tax-Free Childcare following the invitations sent out in September and October 2016 will receive these further letters. The letter provides the online address where childcare providers can sign up, their unique User ID and the details of what they will need to have available to complete this process. ‘Access childcare support through the childcare service’ will direct providers to sign up.
The letters will carry the HM Government logo and contain a link to additional information available on GOV.UK, such as ‘Find out more about Tax-Free Childcare for childcare providers’.
Emails will be sent out to childcare providers and local authorities on 22 March 2017. They’ll carry the HM Government logo and the new ‘Childcare Choices’ branding. The emails will link to a ‘toolkit’ with promotional materials on ‘Childcare Choices’ hosted by our partnership marketing provider ‘23 Red’.
Communications to parents
Parents who have registered an interest in the childcare service will be sent emails and/or letters inviting them to apply for Tax-Free Childcare and/or 30 hours free childcare for 3 and 4 year olds.
These emails will carry the HM Government logo and provide the online GOV.UK address where parents can apply. They’re being sent by HMRC.
Parents who have faced delays in having their eligibility for Tax-Free Childcare and/or 30 hours free childcare will be sent emails apologising for the delay. These emails will explain how parents can claim compensation if they feel they’ve missed out financially as a result of the delay. Compensation claims should be sent by post to:
HM Revenue and Customs
These emails will be sent by the childcare service and will carry the HM Government logo. The email will also provide a GOV.UK email address where parents can log in to their childcare account.
1.11 Trade statistics import/export data emails
HMRC’s Trade Statistics Unit regularly sends emails to business customers regarding import and export statistical data, and the related services accessed from HMRC’s trade statistics website.
These include business alerts, service updates, deadline reminders, data quality reviews and survey requests. These messages may include links to further information, educational or survey content on the uktradeinfo website.
They won’t request any personal, payment or tax related information.
1.12 Educational emails
HMRC will periodically send emails to customers to support their business life events. The emails will include links to relevant online digital education material used to offer you help in relation to your business and will appear in your address bar as firstname.lastname@example.org. These emails will never ask you to provide personal or financial information.
1.13 Debt management
HMRC is sending text messages to some customers, explaining what you need to do if you’re behind with your payments. These messages will also give details for paying HMRC or a helpline number for you to contact.
HMRC is also sending messages that’ll give advice about the importance of making payments using the correct information.
The messages won’t request any personal or financial information.
Voice prompts to landline and mobile phones
HMRC is sending voice prompts to some customers, explaining what you need to do if you’re behind with your payments. Customers will receive these as an inbound phone call giving details for paying HMRC or a helpline number for you to contact.
HMRC is also sending messages that’ll give advice about the importance of making payments using the correct information.
The messages won’t request any personal or financial information.
1.14 VAT emails
1.14.1 VAT Returns - email reminders
HMRC will send an email to customers to remind them when their VAT Return is due if they’ve registered to receive email reminders. The emails are entitled ‘Reminder to file your VAT Return’ and contain links to a further information page and a link to the sign in page on GOV.UK. These emails will never ask you to provide personal or financial information.
1.14.2 VAT registration - email
HMRC will send an email to customers who have registered for VAT using HMRC online services. HMRC will use the email address customers have provided to advise that they need to log into their online tax account in order to view a message in the secure messaging area. These emails will never ask you to provide personal or financial information.
1.14.3 VAT debts - email reminders
HMRC may send an email to customers who are overdue with VAT payments. HMRC will use email addresses that customers have already provided and will recommend that customers pay online to avoid further action. These emails will never ask you to provide personal or financial information. You won’t be able to reply to the emails, which will be sent from email@example.com.
1.15 Research communications
HMRC sends letters and emails to potential research participants where their feedback will help to improve the performance of the department and the legislation it regulates.
We have recently sent a letter to potential participants for a new research project looking at customers’ views of proposed changes to Pay As You Earn. The communications request participation in a short telephone survey. The letter was sent from Kantar Public, an independent research agency conducting the project on behalf of HMRC, and doesn’t request any personal, payment or tax related information at this stage.
1.16 Employer email alerts - Employer Bulletin 66
HMRC sends informational emails several times a year to employers who have registered to receive them. These emails never ask you to provide personal or financial information.
The latest batch of emails issued by HMRC will be sent from 21 June 2017. The emails are titled ‘Important information for employers’. The emails include links which direct recipients to HMRC pages on the GOV.UK website, including advice about online security.
1.17 Statutory notices requesting information
HMRC’s Centre for National Information regularly issues statutory notices to the holders of certain types of information, asking them to provide relevant details to HMRC. The holders of the information have a legal obligation to provide the data requested.
The notices requesting information can be sent by post or email.
Notices issued by email will also contain a link to this webpage so the recipients can see that HMRC is using email for this purpose.
2. How to tell if an email is fraudulent
As well as spelling mistakes and poor grammar, there are a number of things you can look out for to help you recognise a phishing/bogus email.
2.1 Incorrect ‘from’ address
Look out for a sender’s email address that is similar to, but not the same as, HMRC’s email addresses. Fraudsters often have email accounts with HMRC or revenue names in them (such as ‘firstname.lastname@example.org’). These email addresses are used to mislead you.
However, be aware that fraudsters can falsify (spoof) the ‘from’ address to look like a legitimate HMRC address (for example ‘@hmrc.gov.uk’).
If you’re not 100% sure that the message has come from us, don’t open it. If you do open the email and you’re in doubt, don’t click on any links or downloads.
For more information please see examples of phishing and bogus emails.
2.2 Personal information
Emails from HMRC will never:
- notify you of a tax rebate
- offer you a repayment
- ask you to disclose personal information such as your full address, postcode, Unique Taxpayer Reference or details of your bank account
- give a non-HMRC personal email address to send a response to
- ask for financial information such as specific figures or tax computations, unless you’ve given us prior consent and you’ve formally accepted the risks
- have attachments, unless you’ve given prior consent and you’ve formally accepted the risks
- provide a link to a secure log in page or a form asking for information - instead we will ask you to log on to your online account to check for information
2.3 Urgent action required
Fraudsters ask for immediate action. Be wary of emails containing phrases like ‘you only have 3 days to reply’ or ‘urgent action required’.
2.4 Bogus websites
Fraudsters often include links to webpages that look like the homepage of the HMRC website. This is to trick you into disclosing personal/confidential information. Just because the page may look genuine, doesn’t mean it is. Bogus webpages often contain links to banks/building societies, or display fields and boxes requesting your personal information such as passwords, credit card or bank account details.
You should be aware that fraudsters sometimes include genuine links to HMRC webpages in their emails to try to make them appear genuine.
2.5 Common greeting
Fraudsters often send high volumes of phishing emails in one go so even though they may have your email address, they seldom have your name. Be cautious of emails sent with a generic greeting such as ‘Dear Customer’. Emails from HMRC will:
- usually use the name you’ve provided to us, other than where you sign-up to HMRC subscription services
- always include information on how to report phishing emails to HMRC
Be cautious of attachments as these could contain viruses designed to steal your personal information.
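The checks in sections 2.1 to 2.5 can be applied mechanically to a raw message, for example in a mail-triage script. The following is an added example, not HMRC code: the phrase lists, the treatment of subdomains of ‘hmrc.gov.uk’ as genuine, the function names and the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

GENUINE_DOMAINS = {"hmrc.gov.uk"}      # assumption: subdomains also count as genuine
BRAND_TOKENS = ("hmrc", "revenue")     # 2.1: names fraudsters put in addresses
CHECKS = {                             # indicator -> phrases looked for in subject/body
    "urgent_language": ("you only have 3 days to reply", "urgent action required"),  # 2.3
    "generic_greeting": ("dear customer",),                                          # 2.5
    "rebate_or_repayment": ("tax rebate", "repayment"),                              # 2.2
    "asks_for_personal_data": ("unique taxpayer reference", "postcode",
                               "bank account", "password", "credit card"),           # 2.2, 2.4
}

# Constructed sample message, not a real email.
SAMPLE = """\
From: HMRC Refunds <refunds@hmrc-tax-service.example>
To: someone@example.com
Subject: Urgent action required

Dear Customer,

You are due a tax rebate. You only have 3 days to reply.
Confirm your bank account details to receive it.
"""

def is_genuine_domain(domain):
    """True only for an exact match or a subdomain, never for a lookalike."""
    return any(domain == d or domain.endswith("." + d) for d in GENUINE_DOMAINS)

def body_text(msg):
    """Concatenate the decoded text/plain parts that are not attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def phishing_indicators(raw):
    """Return the names of the section 2 warning signs present in a raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    found = []
    # 2.1: HMRC-like name or address on a domain that is not HMRC's.
    if not is_genuine_domain(domain) and any(t in (name + addr).lower() for t in BRAND_TOKENS):
        found.append("lookalike_sender")
    text = (str(msg.get("Subject", "")) + "\n" + body_text(msg)).lower()
    found += [k for k, phrases in CHECKS.items() if any(p in text for p in phrases)]
    # 2.2 and 2.5: attachments are unexpected unless the customer has consented.
    if any(p.get_filename() or p.get_content_disposition() == "attachment" for p in msg.walk()):
        found.append("attachment")
    # An empty list is not proof of authenticity: the From header can be spoofed (2.1).
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```
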
3. HMRC Short Message Service text messages
3.1 SMS text message - activating 2-Step Verification
2-Step Verification is an additional security feature which helps to prevent someone else from accessing a customer’s digital account, even if they have their User ID and password. When activating 2-Step Verification, HMRC will send an access code via Short Message Service (SMS) to the customer’s nominated mobile phone number, which the customer will need to complete the set-up. These SMS messages will never ask the customer to provide personal or financial information.
This means that once customers have activated 2-Step Verification, the only way to access the account will be with the Government Gateway User ID, password and access to the phone which has been registered.
HMRC is planning ways of increasing the number of users who can benefit from 2-Step Verification.
3.2 SMS text message - 2-Step Verification for future log ins
After activating 2-Step Verification, each time the customer logs in, HMRC will send an access code via SMS to the registered mobile phone number, which will be needed to complete the log in process. These SMS messages will never ask the customer to provide personal or financial information.
If a customer no longer has access to the mobile phone registered for 2-Step Verification, they will need to ring the Online Services Helpdesk and verify their identity to deactivate it. The customer can then register their new mobile number for 2-Step Verification when they log in the next time.
3.3 Tax credits - SMS text or voice prompts
HMRC is contacting some tax credits customers by SMS and voice message asking them to update or confirm their circumstances if the details they hold (that is, income or working hours) differ from the information shown on their employer records.
Tax credits customers who send in their renewal or a new claim will receive an SMS text message confirming that HMRC has received their claim or renewal and estimated processing times. Customers may also receive an SMS text message to remind them to renew their tax credits claim. These reminder messages will only direct them to the GOV.UK website to renew their claims online. These messages won’t request any personal or financial information.
Tax credits customers who report a change in their circumstances using the online service may receive an SMS text message confirming that HMRC has received and processed their change. These messages will not request any personal or financial information.
Tax credit customers who have been selected to have their award checked may receive an SMS if they have not responded to our enquiry letter. The message will ask them to reply in writing or call the number on the letter if they require any help. The messages will not request any personal or financial information.
4. Report HMRC related phishing/bogus emails
If you have received a phishing/bogus email related to HMRC, or you’re not sure if it’s genuine, you can read about how to report internet scams and phishing to HMRC.