Published: 29/05/2026 By Sarah-Jane Crean
Emails claiming to be from HMRC are one of the most common types of phishing scams. Fraudsters know that messages relating to tax, refunds, penalties, and compliance can create a sense of urgency, making people more likely to act without stopping to verify the information.Because most individuals and businesses have some interaction with HMRC, scam emails can appear convincing. Taking a few moments to check whether an email is genuine could help protect your personal information and finances.
1. Check the sender's email address
One of the first things to look at is the sender's email address. Genuine HMRC emails will come from a gov.uk domain. If the email originates from a different domain or contains unusual spelling, extra characters, or random numbers, treat it with caution. Remember that scammers often use addresses that look similar to official government email accounts at first glance.
2. Never share sensitive information by email
HMRC does not ask for passwords, bank details, or personal security information by email. If an email requests confidential information or asks you to confirm sensitive details, this should be treated as a warning sign. Fraudsters commonly use these tactics to gain access to financial accounts or personal data.
3. Be wary of urgent requests
Scam emails often attempt to create pressure by claiming that immediate action is required.
Common examples include:
- Threats of penalties or enforcement action
- Claims that a tax refund is waiting to be claimed
- Warnings that an account will be suspended unless action is taken
4. Avoid clicking links if you are unsure
If you have any doubts about an email, do not click on links or download attachments. Instead, visit GOV.UK directly through your web browser or log in to your HMRC online account independently. This allows you to verify whether the message is genuine without exposing yourself to potential fraud.
5. Seek professional advice
If you receive an email claiming to be from HMRC and you are unsure whether it is genuine, contact your adviser before responding. A quick check could help prevent a costly mistake and ensure that any genuine HMRC correspondence is dealt with appropriately.
HMRC scams continue to evolve, but many fraudulent emails share the same warning signs: suspicious sender addresses, requests for sensitive information, urgent demands, and links designed to capture personal data. Taking a few moments to verify an email before responding can help protect both your business and personal finances. When in doubt, verify independently and seek advice before taking action.