HMRC Scam Alert: How to Protect Your Business from Costly Tax Scams

Written By Ian Hughes
HMRC Scam Alert How to Protect Your Business from Costly Tax Scams

As your accountants, our priority is not just managing your finances, but helping you protect them too.

That’s why Zyla Accountants is issuing an important alert regarding a significant increase in sophisticated tax scams targeting businesses and individuals across the UK.

HMRC has recently warned that scammers are intensifying their efforts, using everything from bogus tax refund offers to intimidating threats of arrest for non-existent unpaid tax bills. Understanding the threat is the first step in defending your business.

The Current Threat: A Multi-Million Pound Problem

The scale of this issue is staggering. Between August 2024 and July 2025, HMRC received over 170,000 reports of suspicious contact. Almost a third of these were attempts to lure people in with the promise of a tax refund.

This isn't just about nuisance emails. A major data breach last autumn saw 100,000 online tax accounts compromised, resulting in an estimated £47 million loss for HMRC. Fraudsters are also capitalising on wider confusion, such as changes to the Winter Fuel Payment, by sending fraudulent texts that appear to be from legitimate government departments.

These criminals are organised, persuasive, and relentless. The good news? Awareness is our best defence. Referrals of scams to HMRC have fallen by 12% in the last year, proving that when we know what to look for, we can stop them in their tracks.

How to Spot a Scam: The Telltale Signs

Scammers often create convincing emails and text messages, complete with HMRC logos and official-sounding language. One common email currently in circulation mentions "discrepancies" in a tax return and pressures the recipient to log in "by the end of the week to avoid penalties".

While it may look genuine at first glance, there are always giveaways. Remember, HMRC has a strict code of conduct for how it communicates.

HMRC will NEVER:

  • Threaten you with arrest or legal action in a voicemail or initial email. This is a high-pressure tactic designed to make you panic and act without thinking.

  • Ask for personal or financial information (like your bank details or passwords) by text or email.

  • Contact you out of the blue by email, text, or phone to announce a tax refund. Official notifications will appear in your Government Gateway account or arrive by post.

  • Use generic greetings like "Dear Taxpayer." They will typically use your name or business name.

Look for suspicious sender addresses that don't end in ‘@hmrc.gov.uk’, poor grammar, and odd phrasing like "anti-fraud protocols."

A Business Owner’s Guide to Protection

Your business is a prime target for these scams. Here are four key steps you can take to build a strong defence:

  1. Educate Your Team: Your staff are your first line of defence. Ensure anyone who has access to company emails or answers the phone understands these threats. Run a short training session on spotting phishing emails and establish a clear protocol for what to do if they receive a suspicious message – which should always be to report it to a manager or your IT lead without clicking any links.

  2. Verify, Then Trust: Instil a company-wide policy of never clicking links in unexpected emails or texts. If you receive a notification supposedly from HMRC, close it. Open a new browser window and log in to your Government Gateway account directly to check for any messages or updates. If the contact was a phone call, hang up and call HMRC back on an official number from the GOV.UK website.

  3. Strengthen Your Cyber Security: Activate Two-Factor Authentication (2FA) on your Government Gateway account immediately. This provides a vital layer of security, making it much harder for criminals to access your account even if they manage to steal your password. Ensure you use strong, unique passwords for all your financial accounts.

  4. Lean on Your Accountant: As your appointed agent, we handle the vast majority of your correspondence with HMRC. Therefore, any direct, unexpected, and urgent communication you receive should be treated as a major red flag. If you receive any message that causes you concern, do not respond. Forward it directly to us at [Accountant's Email Address], and we will verify it for you.

What to Do If You’re Targeted

If a suspicious email or text lands in your inbox:

  • Do not reply or click any links

  • Report it. Forward suspicious emails to HMRC's phishing team at phishing@hmrc.gov.uk. Forward suspicious texts to 60599

  • If you have suffered a financial loss, report it immediately to your bank and to Action Fraud.

By staying informed and vigilant, you can protect your personal data and your business’s finances. If you ever have any doubts, please don't hesitate to contact us.

Ian Hughes
Previous

The New Employment Rights Bill: A Roadmap for UK Employers
Next

Beyond the Spreadsheet: Why Your Business Needs a Forward-Thinking Cloud Accounting Firm