Premium

Revealed: the HMRC scam most likely to trick you out of your savings 

A council tax bill
Millions of scam communications are sent each year but some are better at eliciting your personal details than others Credit: Joe Giddens 

Fraudsters who target victims by pretending to be HM Revenue and Customs are testing every type of communication in a bid to trick people into handing over their savings. One method in particular has been revealed as the most successful.

Figures disclosed by the tax office in response to a Freedom of Information request have shown the onslaught Britons face, as scammers stole £1.2bn from British bank customers alone in 2018.

Fraudsters pretend to be from HMRC as they know potential victims are more likely to fall for their tricks if the source of the contact is thought to be legitimate. They also play on fears people have about shock penalties from HMRC for unpaid tax. 

And their tactics are working: HMRC phone call scams are the fastest growing attacks, with 105,000 reported in 2018/19, up from just 407 three years ago, an increase of more than 25,000pc.

Spam emails, known as “phishing scams”, are the most frequent danger to Britons, according to the data.

The total number of phishing emails reported to HMRC about any subject over the last three financial years was 2.6 million, of which 900,000 were last year, an increase of 15pc from the previous 12 months.

Spam emails around tax rebates from con artists pretending to be HMRC topped the list of fraudulent activity, with 1.9 million reports. They were only successful at eliciting financial details from victims around 16,000 times during that period, however.

Rarer, but most dangerous to potential victims, are text messages.

There were 150,000 reports of suspicious text messages in the past three years, which were successful in encouraging people to reveal personal information on at least 2,600 occasions, a success rate twice that of email scams.

Phishing websites – where victims end up when they click links in scam emails or texts – were reported to HMRC for removal or taken down 50,000 times over the past three years.

Tim Sadler of Tessian, a software company that aims to prevent phishing attacks, said: “What we see happening here with HMRC is happening across the board. 

“Impersonation phishing attacks are on the rise as cyber-criminals think up new ways to encourage people to share personal data or transfer money – what better way to convince an individual to share information than to impersonate a position of trust and authority?”

Mr Sadler added the way we interact with our phones means we are more distracted, one of the reasons text message scams are so successful.

“People may not take the time to evaluate the information in front of them, consequently missing cues that signal a potential threat.

“Mistakes are inevitable and all it takes is one click or reply to fall into a scammer’s trap and compromise your – or your company’s – data.”

Tim Dunton of Nimbus Hosting, a web hosting service, said the sharp rise in email and website scams brings huge challenges for organisations like HMRC.

“It is vital taxpayers remain vigilant to online fraud and report all incidents to the necessary authorities and are cautious about handing out personal financial data.”

Individuals are advised to always check the sender’s email address, look out for spelling mistakes and refrain from clicking links or replying to text messages if there is any suspicion about where they have come from.

For the week's most important personal finance news, analysis and expert advice, from pensions and property to investment ideas and savings tips, sign up to our weekly newsletter

laura.miller@telegraph.co.uk