Skip to main content

Fake tax email scams targeting UK taxpayers

(Image credit: Image source: Shutterstock/Creativa Images)

End of the year tax is approaching for taxpayers around the globe, and cybercriminals are using the opportunity for their own personal benefit.

This benefit can be various – from stealing actual money, to grabbing private information, stealing identities or spreading malware and ransomware.

Whatever they do, one thing is for certain – the unsuspecting taxpayer is always at the receiving end of this scam.

Cybersecurity researchers from Proofpoint have issued a warning to taxpayers, saying these types of scams are now on the rise. People in the UK, US, Australia, France, and Canada are being targeted.

Hackers will most likely approach them via email. They'll do their best (and they're really good at this) to create an email address that looks almost identical to the one of, HMRC, IRS and the likes. The email itself will be almost identical to the one the taxpayer may expect from legitimate sources.

They'll use social engineering in subject lines (probably refer to the victim by their first or last name), and share decoy links.

Unsuspecting victims can be tricked to click on a spoofed link and to share their private (and very valuable) information with cybercriminals.

Proofpoint says government tax offices will never approach taxpayers via email, text message or social media with a request for personal or financial data. Whatever email you receive from anyone claiming to work for the government, be extra careful before pressing any links. Avoid downloading or running any attachments unless you're absolutely certain it's from a legitimate source. If someone calls you, saying they're from a government tax office, tell them nothing and hang up (or you can goof around a little bit (opens in new tab), but Proofpoint doesn't endorse it).

“Taxpayers can view their tax account information online and confirm any money owed there,” Proofpoint says.

“If you do need to speak with the representative via phone, you can call them using the phone number listed on the official website.”

“As a best practice, individuals should freeze their credit files to ensure that any information that may be leaked cannot be used to establish credit in their names.”

Image source: Shutterstock/Creativa Images

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.