Taxation logo taxation mission text

Since 1927 the leading authority on tax law, practice and administration

Gone phishing

09 November 2010 / Simon McKie
Issue: 4280 / Categories: Comment & Analysis , Chris Hodgson , fraud , phishing
What do HMRC have in common with senders of dodgy emails, asks SIMON MCKIE

KEY POINTS

  • HMRC warn the public about phishing emails.
  • Unexpected call about a tax repayment.
  • Sending bank details by fax or email.
  • Conflicting Revenue advice.

I recently received an email from a very kind gentleman in Nigeria. He explained that he was a government minister and that he had a large sum of money which he did not wish to disclose to the Nigerian Ministry of Finance.

For the mere use of my bank account he would allow me to keep US$30 million. All I had to do was to send him my bank details. In spite of the generosity of his offer, I decided not to accept it.

One would not expect to receive similar communications from HMRC even though they have not always been wholly reliable in regard to their customers’ financial information.

On 12 August they issued a press release ‘warning taxpayers to be vigilant’ because there were:

‘Fraudsters [who] inform taxpayers they are due [sic] a tax rebate and ask for their bank card details over the phone. They then attempt to take money from the account using the details provided…’

Chris Hodgson, director of customer contact at HMRC said:

‘We only ever contact customers who are due [sic] a tax refund in writing by post. We never use telephone calls, emails or external companies in these circumstances. We strongly urge anyone receiving such a phone call not to give any information to the caller, but report it to the police straight away.’

Unexpected request

My experience is rather different from Mr Hodgson’s. I am the director of a small company.

During the summer I was telephoned by a woman who said she was from HMRC and was working on my company’s tax affairs, and that she had noticed a repayment of some £3,000 in respect of a prior year had been returned to HMRC marked ‘account details unknown’.

She went on to say that she needed new bank details so that the repayment could be made.

I asked her to read out the bank details she had on her file, which bore no relation to the details that had been included on the company’s last return. I asked her for a telephone number through which I could verify her identity, but she said she was working remotely at home on secondment to an office at which she was not usually based.

She could give me the office number but explained that, if I were to ring it, nobody there would know who she was.

As I was not willing to give the company’s bank details over the telephone, she asked that I fax the details to her on my company’s headed writing paper. As an alternative to the fax, she gave me an email address to which I could send the details.

Suspicious story

I was not aware that a repayment was due and, in any event, the woman’s story sounded pretty thin. Rather than fax the details to her, I rang the tax office dealing with my company’s affairs and asked if they knew the caller.

The person to whom I spoke said they had no record of her and so, assuming I had been the target of an attempted fraud, I sent details of the incident to the company’s normal inspector and asked to be informed of what steps HMRC were taking in respect of scams such as this.

I was amazed to receive a letter in reply confirming that my caller did indeed work for HMRC, denying that she had said she was working from home but admitting she had said she was working ‘remotely’, and asking me to send the company’s bank details to her by fax.

I wrote back expressing my astonishment at HMRC’s insouciant attitude to the security of a taxpayer’s information, particularly in view of the many public scandals there have been over the past few years concerning HMRC’s control of confidential information.

Left hand, right hand?

My caller subsequently wrote to me to say she was arranging for the repayment. I telephoned her a few days later and she turned out to be a very pleasant and polite woman who expressed her hope that I was now reassured as to her bona fides.

I was grateful for her help, but I was still surprised that HMRC were asking by telephone for taxpayers to send bank account details to them by email.

I referred her to the press release dated 12 August of which she did not seem aware. She said HMRC were contacting taxpayers by telephone to ask them for their bank details because there was a very large backlog of repayments and HMRC were trying to clear them.

I remain, however, rather bemused. For HMRC to ask taxpayers by telephone to send their bank details by email provides an obvious opportunity to fraudsters.

How can a responsible organisation of any sort, let alone a major department of government, behave in this way?

Then there is the matter of the conflict between HMRC’s practice and the 12 August press release.

We have grown accustomed in recent years to HMRC’s press releases reflecting a fantasy world that bears little relationship to reality, but this experience of the department’s double-speak still surprised me.

Should I take Mr Hodgson’s advice and report HMRC to the police for investigation?

Simon McKie is a designated member of McKie & Co Advisory Services LLP. He can be contacted by telephone on 01373 830956, and by email.

Issue: 4280 / Categories: Comment & Analysis , Chris Hodgson , fraud , phishing
back to top icon