In early 2017, a UK company warned its employees about suspicious emails and how to deal with them. Two months later it sent a bogus email from the HR manager to a sample of employees requesting personal details. Despite the previous warnings, 54% of the employees clicked the link in the email and amazingly nearly all of those submitted data in the form provided via the link.
It is no surprise that the vast majority of hacking attacks begin with a phishing email. It may also be no surprise to know that HMRC is one of the most phished brands in the UK. What is more, there may be another surge as HMRC are encouraging individuals and businesses to sign up to their Personal Tax Account (PTA). The government’s ambition is for everyone to have a PTA by 2020.
However, HMRC will never ask people to disclose personal or financial information by email. And that’s the golden rule for any employee to remember for emails received from anyone.
Two links which you may find useful:
https://goo.gl/oJsCsr - this is a list of digital and other contacts from HMRC if you have any doubts about the authenticity of an email. It gives some helpful pointers to look out for if you are in any doubt as to whether an email or other contact that purports to be from HMRC is what it seems to be.
www.gov.uk/personal-tax-account - this is the page from which you sign up to a Personal Tax Account. The page lists what you can currently do in the Personal Tax Account, but the aim is for these to be secure areas where an individual or business can see all their tax details in one place and interact with HMRC digitally.