12 million Brits have been warned to be wary of their emails, texts and calls amid a HMRC scam warning and the impending self-assessment tax return deadline. 

Self Assessment is a system HM Revenue and Customs uses to collect Income Tax and the online tax return deadline is fast approaching (midnight on January 31 2024).

Self-employed persons who operate as sole traders, people who are partners in a business partnership and those with a total taxable income of more than £100,000 need to complete the form.

For full guidance on who needs to submit a tax return, when and how to get support, visit the UK government website.

Approximately 12 million people will be submitting their self-assessment tax returns before the end of January which has prompted cyber security experts Proofpoint to issue an important warning.

More than 130,000 reports about tax scams were received by HMRC in the year to September 2023.

Almost 60,000 people were approached and offered fake tax rebates by fraudsters.

In fact, according to the National Cyber Security Centre, HMRC was the third most spoofed government body in 2022, behind the NHS and TV Licensing.

Ahead of this year's deadline, Proofpoint expert Matt Cooke, Cybersecurity Strategy, EMEA has advised that it's crucial to remember that HMRC will never contact taxpayers via emails, texts, or phone calls. 

How to spot the HMRC scam

The cyber security expert has also told Brits about what they should be on the lookout for in a scam email.

“Tax season is a popular time for threat actors to conduct email-based attack campaigns designed to steal sensitive information for financial gain," Mr Cooke commented.

"In fact, in 2021, Proofpoint identified a malicious email campaign that distributed messages with links that led users to a fake Self-Employment HMRC tax themed authentication page designed to harvest their credentials.

"Threat actors have proven social engineering to be a highly effective tactic by manipulating human emotions, often leveraging fear and a sense of urgency to deceive targets into taking actions that ultimately benefit them.

"These actions can include sharing sensitive information or sending money. A common technique employed by threat actors is to capitalise on current events. Given approaching tax deadlines, it is unsurprising that the HMRC is warning of scams.

"Attackers are always innovating to find new ways to exploit human nature and the majority of the time, it’s via email. To mitigate these risks, it is crucial for users to be able to better identify and report suspicious emails.

"Individuals should always exercise caution engaging with unknown senders and should be cautious when clicking links received in an email, particularly when they are not expecting to receive them. 

Recommended reading

"We are also increasingly seeing cybercriminals target users via multi-touch campaigns, including the use of fraudulent phone calls and text messages".

The cyber security expert concluded by warning Brits not to "believe everything you see".

He added: "Cybercriminals are extremely good at what they do. Be sceptical when it comes to identifying phishing in your email messages — if it looks even remotely suspicious, do not open it. 

"By understanding these tactics and maintaining vigilance, individuals can significantly reduce the likelihood of falling victim to phishing attacks and effectively safeguard their money and sensitive information.”