Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

HM Revenue & Customs 'Account Locked' Phishing Scam


Outline

Email claiming to be from UK tax agency HM Revenue & Customs (HMRC), warns that your HMRC account has been locked and that you should click a link to complete a verification process.

Facebook phishing
© Depositphotos.com/ Wavebreakmedia

Brief Analysis

The email is not from HMRC and the 'account locked' claim is false. The message is a phishing scam designed to trick you into giving your personal and financial information to cybercriminals.

Example

HM Revenue & Customs

For security purposes, your online account has been locked.   

To restore your account, please click: Sign in to my Hmrc Account and proceed with the verification process.


Detailed Analysis

Email Claims HMRC Online Account Locked

This email, which purports to be from UK tax agency HM Revenue & Customs (HMRC), claims that your online account has been locked for 'security purposes'.

The email instructs you to click a 'sign in' link to complete a verification process that will restore your account.

Email is a Phishing Scam

However, the email is not from HMRC and the claim that you must verify your account is untrue. Instead, it is a phishing scam designed to trick you into given your personal and financial details to criminals.

The message comes in the form of a graphic. The message includes what appears to be a clickable link in the text, but, in fact, clicking anywhere on the graphic will open a scam website.

When you click the message, you will be taken to a website that hosts a fake web form that asks for name and contact details and credit card information. The bogus form includes the HMRC logo as well as secondary links that point to the genuine HMRC website (see screenshot at end of article).

Rather bizarrely, while the email claims that your must verify your account for security reasons, the fake form supposedly allows you to claim a tax refund. It appears that the scammers have simply reused a fake form from a previous tax-refund phishing campaign.

If you fill in the requested details and click the 'Submit' button, you will be redirected to the real HMRC website.

Meanwhile, however, the information you submitted can be collected by the scammers and used to commit credit card fraud. By submitting your personal data, you may also become vulnerable to identity theft.

Tax Agency Phishing Scams Very Common

Tax agency phishing scams are very common and have targeted taxpayers in several countries.

Be very cautious of any email or text message purporting to be from the tax agency in your country that claims that you can apply for a refund or verify your account by clicking a link or opening an attached file.

Tax agencies are very unlikely to send out generic, unsolicited emails to citizens that ask for personal and financial information.





Last updated: September 3, 2014
First published: September 3, 2014
By Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams - Anti-Phishing Information