The Fake HMRC Tax Refund Email

Thousands of UK residents received convincing emails claiming they were owed a tax refund — handing over bank details to criminals instead.

HMRC (impersonated) · 2022

Attack Chain

  1. Mass email sent impersonating HMRC
  2. Victims click link to fake Gov.uk site
  3. Bank details entered on fake portal
  4. Funds drained within hours

Background

Every year around self-assessment season, criminals send mass phishing emails disguised as official HMRC communications. In 2022, an unusually convincing campaign targeted people who had recently filed their tax returns. The emails used real HMRC logos, official-sounding language, and even replicated the genuine Gov.uk visual style.

The Attack

The emails told recipients they were owed a tax refund and needed to click a link to claim it. The link led to a fake website that looked nearly identical to the HMRC online portal. Victims were asked to enter their National Insurance number, date of birth, and full bank account details to receive their refund. Within hours of submitting, their bank accounts were drained.

Response

HMRC issued warnings and worked with the National Cyber Security Centre to get the fake domains taken down. Banks that identified fraudulent transactions froze funds where possible. However, by the time most victims realised what had happened, the money had already moved through multiple accounts.

Outcome

Thousands of people lost money. The average loss was around £800 per victim, though some lost several thousand pounds. HMRC now prominently states it will never email you asking for bank details, and that all genuine refunds are handled through your tax account.

Key Takeaways

  1. HMRC will never email you asking for bank details — legitimate refunds go back through your original payment method
  2. Always go directly to Gov.uk by typing the address in your browser, never follow links in emails
  3. Check the sender's actual email address — real HMRC emails come from @hmrc.gov.uk only
  4. If in doubt, call HMRC directly using the number on the official website
  5. Enable two-factor authentication on your personal tax account so even stolen passwords aren't enough
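
The sender and link checks from takeaways 2 and 3, as an added example that is not part of the original article: it parses a constructed message and flags a From address outside @hmrc.gov.uk and any link whose host is not gov.uk or a subdomain of it. The sample message, the .example hostnames and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SENDER_DOMAIN = "hmrc.gov.uk"  # takeaway 3: the only sender domain the page accepts
LINK_DOMAIN = "gov.uk"         # takeaway 2: links should stay on Gov.uk

# Constructed sample message; the .example hosts are placeholders, not real indicators.
SAMPLE = """From: "HMRC Refunds" <refunds@hmrc-gov-uk.example>
To: taxpayer@example.org
Subject: You are owed a tax refund
Content-Type: text/html; charset=utf-8

<p><a href="https://www.gov.uk.refund-claim.example/login">Claim your refund</a></p>
<p><a href="https://www.gov.uk/contact-hmrc">Contact HMRC</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    """True for the domain itself or a subdomain, matched on a dot boundary."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return findings for a raw message that presents itself as HMRC."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    if "hmrc" in display.lower() and addr.rpartition("@")[2].lower() != SENDER_DOMAIN:
        findings.append(f"display name claims HMRC but address is {addr}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in collector.hrefs:
            host = urlsplit(href).hostname
            if host and not in_domain(host, LINK_DOMAIN):
                findings.append(f"link leaves {LINK_DOMAIN}: {host}")
    return findings
```

A clean result is not proof of legitimacy, since the From header can be forged; treat these checks as one filter alongside SPF, DKIM and DMARC results.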