For phishing read fishing… the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.
According to Wikipedia there are a bunch of other terms with similar meanings:
- Spear phishing – aimed at specific individuals or companies
- Clone phishing – where a legitimate email is hijacked, and malicious code entered
- Whaling – directed at senior executives or other high profile targets
The list goes on.
We are constantly reporting in the content we provide to our clients on attempts by ne’re-do-wells to impersonate HMRC with the clear aim of obtaining personal data and bank details. Readers receiving any email contact from “HMRC” should treat it with suspicion. HMRC will never contact you by email. We recommend two possible courses of action to check out the bona fides of communication received:
- Contact HMRC by phone, use one of the official contact numbers on the GOV.UK website, or
- Contact your tax advisor.
The specific advice on this topic published by HMRC is as follows:
You’ll never get an email, text message or phone call from HMRC which:
- tells you about a tax rebate or penalty
- asks for your personal or payment information
You can report something suspicious to HMRC’s phishing team, for example:
- a text message (forward it to 60599 – you’ll be charged at your network rate)
- an email
- details of a phone call asking for personal information or threatening a lawsuit
If you receive a suspicious phone call, you can help HMRC’s investigations by providing:
- the caller’s phone number
- the date of the call
- a brief description of the call
The HMRC phishing team can be contacted at firstname.lastname@example.org