HMRC has warned UK taxpayers finalizing their Self Assessment filings that it has already received tens of thousands of reports related to suspected scams.
The UK tax office revealed that it received more than 135,500 reports since February 2025, including 4800 related to the Self Assessment system it uses to collect income tax. The deadline for Self Assessment filings is January 31 2026.
HMRC urged customers to remain vigilant as scams via phone, email and text are likely to increase as the deadline approaches.
It said fraudsters typically impersonate HMRC in these communications, often using classic pressure tactics to socially engineer their victims into paying non-existent bills, or else offering tax refunds which don’t exist.
The end goal is usually to harvest taxpayers’ personal and financial information or trick them into installing malware on their machine/device.
Read more on HMRC scams: HMRC in New Tax Credits Scam Warning
The tax office has already been forced to shutter 25,000 phishing websites and phone numbers linked to scams in the past 10 months.
“Millions of people file a tax return each year and scammers mimic HMRC to try and catch unsuspecting victims out,” warned HMRC CSO, Lucy Pike.
“I’m urging people to stay vigilant and if any emails, text messages or phone calls appear suspicious – don’t be lured into clicking on links or sharing your personal information – report it directly to HMRC. Just search ‘report an HMRC scam’ on GOV.UK to find out more.”
Protect, Recognize, Report
HMRC reminded taxpayers it would never leave threatening voicemails, ask for personal or financial information via text/email, or ask individuals to claim a refund via email/text/phone.
It urged them to:
- Protect their personal information by thinking twice before handing it over and using strong, unique passwords on all accounts
- Recognize the tell-tale signs of a scam and refuse to reply to fraudulent messages or click on links/open attachments. They should also not trust caller ID as this can be spoofed, it added
- Report any scams by forwarding suspect emails to phishing@hmrc.gov.uk and phone calls to GOV.UK. If money is stolen they should report it to their bank immediately as well as Report Fraud
Matt Cooke, EMEA cybersecurity strategist at Proofpoint, said tax-themed scams are particularly effective at this time of year, because they combine urgency around deadlines and fear of penalties and fines with the trust that many have in the HMRC brand.
“Criminals are exceptionally skilled at crafting convincing lures that look legitimate, and because many of us expect to receive HMRC communications during tax season, we can be caught off guard,” he added.
“Be aware of common techniques threat actors use like impersonated domains and identities, urgent or threatening language, links to websites that aren’t official gov.uk sites, and requests for payment through unusual methods like gift cards or cryptocurrency.”
Fraudsters may also use multiple channels to increases their chances of success – such as sending an email and then following up with a vishing phone call, Cooke warned.
Image credit: Ink Drop / Shutterstock.com
