back to article Yup, it's the new tax year: If you smell a RAT, it's because crims are ramping up tax scams

As the tax year rolls over into 2019/20, cybercrims have started belching out phishing emails and tax-themed malware, according to infosec researchers. Proofpoint, one of those companies which keeps a close eye on the world of online badness, "observed the expected seasonal increase in tax-themed campaigns" as Q4FY19 clicked …

  1. Crisp

    Contact your local friendly tax office directly

    Will they actually pick up the phone?

    1. Zippy´s Sausage Factory

      Re: Contact your local friendly tax office directly

      If you call the HMRC overseas number, they answer immediately. Although they check the caller ID to make sure you're calling from overseas (cough)Skype number(cough)

      1. JetSetJim

        Re: Contact your local friendly tax office directly

        I wonder if that trick works for 03xx numbers...?

    2. RRJ

      Re: Contact your local friendly tax office directly

      Or charge you a premier rate phone call and keep you hanging on for 30mins.. that is what the UK tax office does..

  2. Anonymous Coward
    Anonymous Coward

    One Solution...

    Is to refuse to give your email address to HMRC. That way, any email which arrives in your inbox purporting to be from HMRC is obviously fraudulent.

    You are not obliged to have email, and they should not be able to demand it. If they need to contact you, they should be made to do so by snail mail. Not that snail mail is secure, but the crooks have to go to a lot more effort for less payback....

    1. macjules

      Re: One Solution...

      Hah! HMRC probably sold the email addresses to the crims in the first place. Wait, did I say "sold"? Sorry, "gave away the email addresses".

    2. Anonymous Coward
      Anonymous Coward

      Re: One Solution...unique email address

      I created an email address for a government tax representative last year, They are the only ones that got that address. Now that address is being used for phishing. Always good to know who you can trust.

  3. codejunky Silver badge

    How to tell

    If its offering you money instead of telling you they have taken it from you its probably a scam.

  4. Anonymous Coward
    Anonymous Coward

    The one positive HMRC IT trait...

    Their interactive website doesn't require javascript or flash. Yes, parts of the site 'work better' with javascript but the important HMRC bits don't.

    Frankly I wish other financial/tax websites would similarly revert (in their case) to simple html.

    1. }{amis}{

      Re: The one positive HMRC IT trait...

      Super +1 this the amount of junk that my bank loads on the login page is obscene.

      I hope sometime soon such dependency on JS in secured areas is fingered in a massive GDPR fine to wake up orgs that handle such sensitive data to the security disaster they are creating.

      1. N2

        Re: The one positive HMRC IT trait...

        No script & Hosts file keeps the barstweards down

  5. Headley_Grange Silver badge


    Not helped by the fact that real mails from HMRC look like phishing attempts. Addressed to "Dear Customer" and when one inspects the headers the mails come from a US site called Apparently they are real, but I've marked them as spam anyway, just in case.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like