Email Phishing

Avoid Email Phishing, Holloway Cook

Recently there have been a lot of Emails purporting to be from HMRC; these email carry attachments that could infect your computer if opened and also have links that could re-direct you to a web site that could cause damage if clicked.

If you receive a ‘bad’ Email then make sure you delete it immediately before clicking on any links or opening any attachments.

Below are some screen shots of rogue Emails to help you distinguish the good from the bad.

Email phishing example
Email phishing example

In this first example it’s relatively easy to spot that this is not a genuine Email from HMRC.

  • Firstly the dates do not agree: the Email was received on 6th Feb but the content says the submission was received on the 7th Feb.
  • The content of the message can contain bad grammar or even spelling mistakes.
  • There is an attachment: we do not know of any instance when HMRC will send an attachment because all transactions are carried out online.
Email phishing example
Email phishing example

In this second example you can see three glaring errors:

  • The email address that received the Email is not the one that is registered with HMRC; it’s an Email gained via other illicit means.
  • In this case the school-boy error is the use of the date 29 Feb 2014.  2014 is not a leap year so that date does not exist.
  • The content is inviting a reply.  HMRC Emails will come from unmonitored addresses so a reply would not be valid.  Replying to this Email will only confirm that this address is being actively used and will be targeted even more.

Also, this Email carries an attachment; not done by HMRC.

Now here’s a genuine Emai received as a result of an online VAT submission:-

Email from HMRC


In this Email:

  • The address it was sent to is the one registered with HMRC for VAT submissions.
  • The reference code is correct.
  • There is no prompt for a reply; in fact the Email states that the reply email address is not monitored.
  • There is no attachment.
  • There are no links in the Email to click on.

To satisfy yourself that this Email is genuine then it is possible to look at the raw data of the Email.  In Outlook simply right click on an Email and select View Message Source (or similar), on Apple Mac select View | Message | Raw Source then another window will pop up with the message data.  It’s not easy to read, but check out the recipient and reply to addresses, and check out any of the link.  If any of these look dodgy then the Email is probably dodgy.  Please delete it immediately.

If you need further assistance please contact us for advice.