Tax & admin · 21 September 2016

HMRC reveals fraudulent email red flags

Figures indicated that 1bn was lost to cyber crime in the last year.
A word of warning to small businesses, HM Revenue and Customs (HMRC) has published revised guidelines to help people recognise phishing emails and fraudulent activity in their inboxes.

Online crime has become an increasing threat to small businesses. Earlier this year, figures from Get Safe Online and Action Fraud indicated that 1bn was reported lost due to cyber crime between March 2015 and March 2016.

Limited resources make small firms more vulnerable when dealing with the repercussions of online crime, and research this year from cloud computing company Intermedia revealed that?12 per centof ransomware attacks are now targeted at micro businesses.

Phishing emails have been reported to be the most common cause of cyber crime among small businesses, amounting to half of all attacks, according to research from the Federation of Small Businesses (FSB).

GOV.UK defines phishing as: The fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords and credit card or bank account details.

We have provided readers with an outline of the revised guidelines from HMRC, to help business owners understand what they can do to protect themselves from cyber crime, fraud and online threats.

Incorrect from? address

Fraudsters have become increasingly capable of imitating official from? addresses in attempt to fool recipients. For example, by including key terms such as, or by spoofing the real address altogether

Personal information

HMRC has reiterated what kinds of emails it will never send. You will never be asked to disclose any personal information such as address or bank account details.

Emails from HMRC will never provide links to a secure log-in page or a form any personal information that HMRC is required to collect will be gathered on the official online accounts of users.

Urgent action required

Fraudsters commonly urge immediate action on bogus emails. Avoid opening any emails that request action to be taken urgently, for example you only have three days to reply.

External web pages

Fraudulent web pages have become increasingly sophisticated. By using official branding or copying the look of a website, fraudsters are able to lead users to bogus external pages without users realising, in the hope that personal information will be freely disclosed.

Common greeting



Praseeda Nair is an impassioned advocate for women in leadership, and likes to profile business owners, advisors and experts in the field of entrepreneurship and management.

Business Advice