tl;dr
Scammers continue to distribute fake notifications claiming that recipients are eligible for a tax refund. Links in the notifications open phishing websites designed to steal your personal and financial information.
If a tactic works, criminals will continue to use it. Tax refund phishing scams are a good example. I’ve reported on versions of this scam for more than 20 years.
Expectations and Desires
Why does the tactic work? Because it preys on people’s expectations and desires.
If you’ve lodged your yearly tax return, a notification that you’ve received a refund may be not only welcome but expected. In some versions, the scammers will claim that you are about to receive a refund due to a past tax department error. News of such an unexpected windfall can be exciting.
In either case, it’s easy to focus on the good news about the supposed refund and click without due forethought.
Screenshots of Typical Scam Messages
Below, I have included screenshots of two typical phishing scams that pretend to be from the Australian Taxation Office (ATO) and the UK’s HMRC. Very similar variations of the scam target people in many countries worldwide.
What Happens if You Click
If you click or tap the link, a fraudulent website will open. The site is built to mirror the genuine tax department website. At first glance, you may not see any difference between the fake site and the genuine government websites you usually visit.
The fake site asks you to provide your username and password to log in. If you provide the information, you will likely be taken to an online form asking you to provide detailed personal and financial information.
The login credentials and other information you provide will be sent to online criminals who will use them to access your tax department records and steal your identity.
Some versions may ask for your credit card details, ostensibly so that a refund can be deposited to the card. Of course, if you provide this information, the scammers will use your card at will and leave you with the bill.
Scam messages like this are distributed via both email and text messages.
Don’t Follow Links - Go Direct
It’s safest not to follow links in messages claiming to be from tax agencies or other government departments.
Instead of clicking or tapping, open your browser, go directly to the government website, and log in the way you usually would. You can also log in via the official government phone app if that’s how you usually do it.
If the message is genuine, you will see a notification about it once you have logged in. If no such notification appears, you can be confident that the message was a scam and ignore it.
From the Archive
Here’s a very old version that targeted US taxpayers. Same scam, different year.
For more examples, you can check out this YouTube video I made some time back: