Email from HMRC, fake or real?

HM Revenue and Customs (HMRC) has asked for over 20,750 malicious sites to be removed in an effort to crack down on phishing attacks. Phishing simply means a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication. Despite a record number of malicious sites being removed, HMRC is warning the public to stay alert as millions of taxpayers remain at risk of losing substantial amounts of money to online crooks.

Never asked? Don't give it out either

Genuine organisations like banks and HMRC will never contact people out of the blue to ask for their PIN, password or bank details. So people should never give out private information, download attachments, or click on links in emails and messages they weren’t expecting.

Example of a phishing attack

Here is an example from my own email account. I received a phishing email, but the sender had no luck because I recognized it as a cyber-attack. You might get similar emails, and you can look for similar things to avoid any damage to your data by following the simple guidelines below.

Phishing attack precautions 1

As the first image above shows, the email address itself is fake: it is not coming from HMRC but from another domain, saunalahti.fi. There is also no mention of the name of the person the email is sent to. The unique reference is wrong too.

Phishing attack precautions 2

It is important that you don’t click on any link in the email. It can install malicious software on your machine or device without your knowing, e.g. a key-logger, which records every key you type or press on your display so that the hacker learns sensitive information. You can simply hover the mouse over the link and read the full link at the bottom of the browser, as shown by the downward arrow.

Phishing attack precautions 3 

You can right-click and select the copy URL option to test your findings. It is crucial that you use a browser which does not save any passwords for your daily use and, even better, saves no cookies at all.

Phishing attack precautions 4

If you paste the URL copied above into a browser, you will find a site which is not HMRC; it could be any site. If your antivirus software has its anti-spam option for the web turned on, it will throw a warning message like the one above. There is a possibility that the hacker has replicated the look of the HMRC site at another URL for deception. You can easily tell from the URL in the address bar, which is not an HMRC URL. It is common for one URL to redirect to another, as shown in the image above: the URL in the address bar is different from the one that was copied before. This is done through a URL 301 redirect.

Phishing attack precautions 5

As the image above shows, there are no links on the Crown copyright, HMRC terms and conditions, privacy policy and accessibility sections of the email, which is an odd thing to do in an email. They would have been linked to some non-genuine sites too, so it is better not to click on any link.

Phishing attack precautions 6 

Now, digging a bit deeper if you like: as the image above shows, you can look at the message source code by right-clicking on the message, or in Hotmail by clicking the down arrow of the reply button and then "view message source". You will see more details in the next image.

Phishing attack precautions 7

Once the message source code is displayed, open the search option (Ctrl+F in Windows) and type "from". You will notice, hidden in the code, the actual email address that was used to send the email to you in the first place. This is called masking.
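The same checks (the real sender domain in the message source, and the real destination behind each link) can be run in Python. This is an added example, not part of the original article; the sample message, the example.test domains and the TRUSTED list are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = ("gov.uk",)  # assumption: domains accepted as genuine for HMRC mail

# Constructed message source for illustration (not the email from the article).
SAMPLE = """\
From: "HMRC Tax Refund" <refunds@mail.example.test>
Subject: Tax refund notification
Content-Type: text/html; charset="utf-8"

<a href="http://www.gov.uk.example.test/refund">https://www.gov.uk/refund</a>
<a href="https://www.gov.uk/">GOV.UK</a>
"""

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class Links(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.found, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.found[-1][1] += data.strip()
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_a = False

def check_message(raw):
    """Return a list of warnings for one raw message source."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    for sender in (msg["From"].addresses if msg["From"] else ()):
        if not is_trusted(sender.domain):
            warnings.append(f"sender '{sender.display_name}' uses domain {sender.domain}")
    body = msg.get_body(preferencelist=("html",))
    links = Links()
    links.feed(body.get_content() if body else "")
    for href, text in links.found:
        host = urlparse(href).hostname  # what hovering over the link reveals
        if not is_trusted(host):
            warnings.append(f"link text '{text}' goes to {host}")
    return warnings
```

Calling `check_message(SAMPLE)` returns two warnings: one for the sender domain and one for the link whose visible text shows a gov.uk address while the destination is a lookalike host.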

Phishing attack precautions 8

The above image shows the website displayed when I typed in the actual domain from the sender's email address in question.

Phishing attack precautions 9

The above image shows a genuine email from HMRC. Notice the URL mentioned in the email and shown when hovering over the link; the email address itself is [email address hidden].

If you copy the link from the above image into a browser, it will redirect to a genuine HMRC website section.

Phishing attack precautions 10

If you click on the padlock sign and then on the more details option, you can see the certificate and the wording of a trusted site. You would not see such wording on a dodgy site.

Two-Factor Authentication

HMRC has also introduced two-factor authentication, i.e. your user name and password plus a security code sent by SMS to your registered mobile number, for added security. You should use two-factor authentication wherever possible to make the procedure more secure. Much online accounting software uses this as standard these days.

Report spam or a phishing attack

People should forward suspicious emails claiming to be from HMRC to [email address hidden] and texts to 60599.
They can also contact Action Fraud on 0300 123 2040 to report any suspicious calls, or use its online fraud reporting tool.

Here is a link for more guidance on countering phishing