Wulf's Webden

The Webden on WordPress

Smells Phishy to Me

Look at this delightfully tempting email I received from the tax man:

Claim Your Tax Refund Online

Dear Customer,

HM Revenue & Customs has identified an error in the calculation of your tax from the last payment, amounting to £ 1,400.00. To return the excess payment, please click “Claim My Refund” below:

Claim My Refund

How to return itself have not changed, only the format of what you claim and how you get paid back from HMRC has changed digitally.

We are here to Ensure the correct tax is paid at the right time, whether this relates to payment of taxes received by the department or entitlement to benefits paid.

Best Regards,
HM Revenue & Customs Refund Department

How can I resist clicking the link and immediately claiming the large amount of money the tax man has taken from me? Wait just a moment though: doesn’t this sound just a little too good to be true? There are a few points to raise concern. On examination, the grammar is appalling. How to return itself have not changed? Capital E for ensure? The real clincher was that, although the email was dressed up in the right colours and all the supplementary links did point to genuine sections on the HMRC site, the crucial Claim My Refund one point to a server in Poland (link removed from the above text for obvious reasons).

I applied a bit of web-fu and located the HMRC site via a different route, where it did not take long to turn up their anti-phishing page, which clearly states: HMRC will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email. Scam duly reported and I can wave goodbye to that refund. On the bright side though, it means that I’ve already been paid it and didn’t have it siphoned off by the taxman in the first place.

Comments are closed.