Is this a new scam?

eamon
eamon Posts: 2,319
Photogenic First Post First Anniversary
Forumite
Hello Folks

Hope I've put this in the correct board.

Is there a new scam purporting to be from HMRC doing the rounds. The text below has appeared in my in box. The 1st link brings me the outlook login screen and the 2nd link to gov.uk
I suspect the 1st link is to harvest my email login details possibly. The 2nd link on the other hand looks genuine. My thoughts are its a scam what do you guys think?

[FONT=&quot]Here's your HMRC Transaction Confirmation : 4C94A33104140325817A - (Please retain for your records)

You are eligible to receive a refund of up to 256.78 GBP.

We tried to send it to you automatically but we're unable to do so as we don't have your Credit/Debit Card details on file.

{Ready to claim your refund now?}

-have your credit/debit card ready
-open the application in your browser and login to your Customer Portal account
-follow the instructions on your screen

Customer Portal - https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2FGateway.RefIDConfirmation10aeeec.urefnk.com%2F&data=02%7C01%7C%7C9516af5965dc4962aa4d08d5534ac25a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636506502902824163&sdata=FfFyHh4qWIKnMg9YLkAXFsaNtbwTTxKfux5WXb0WKpU%3D&reserved=0

Summary:
- Issuing No: 21436391275192
- Issuing date : Jan 4, 2017
- ID Number : DD9CD42C
- Receiver : deleted
- Payment method : Online by Credit/Debit Card

Note : A refund can be delayed a variety of reasons, for example submitting invalid records or applying after deadline..

HM Office Gateway
https://eur01.safelinks.protection.outlook.com/?url=www.gov.uk&data=02%7C01%7C%7C9516af5965dc4962aa4d08d5534ac25a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636506502902824163&sdata=yrdw%2FHljCGaMkAB%2BHwDLDPWSC5BVeqZhvJjAT0gpBXA%3D&reserved=0

Please note: HM Office will never request your password or financial information via email.[/FONT]
«13

Comments

  • Looks very scammy to me, tbh with anything like that, from banks or paypal etc, I tend to forward to the spam team. A lot of the time they have a dedicated email for it.

    I am not allowed to post links as im a noob here, but the email is
    Hmrc's is; "phishing AT hmrc dot gsi dot gov dot uk"

    or google "gov dot uk report-suspicious-emails-websites-phishing" for the main page.

    If everyone did that for emails not sure about, it helps HMRC to catch the bad guys.

    Also, if it is something very important they always like to follow up a physical letter anyway!


    Best
    Joseph
  • Farway
    Farway Posts: 13,116
    Homepage Hero First Post Name Dropper Photogenic
    Forumite
    It is an old scam, HMRC never contact anyone to offer a refund

    If a refund is due they will automatically adjust your PAYE code
    Eight out of ten owners who expressed a preference said their cats preferred other peoples gardens
  • HogMan
    HogMan Posts: 191
    First Anniversary Combo Breaker First Post
    Forumite
    Looks dodgy to me. The outlook link is the giveaway.

    Last time I had a tax refund the HMRC communicated via post and I then had to log on to the gov.uk website to request it to be processed. Payments are made into your bank account not credited to a card.
  • HogMan wrote: »
    Looks dodgy to me. The outlook link is the giveaway.

    Last time I had a tax refund the HMRC communicated via post and I then had to log on to the gov.uk website to request it to be processed. Payments are made into your bank account not credited to a card.

    This is the correct information.

    The email you have received is a scam, and should be forwarded to HMRC as outlined above.
    "There are not enough superlatives in the English language to describe a 'Princess Coronation' locomotive in full cry. We shall never see their like again". O S Nock
  • spud17
    spud17 Posts: 4,392
    Name Dropper Combo Breaker First Post First Anniversary
    Forumite
    Move along, nothing to see.
  • DoaM
    DoaM Posts: 11,863
    First Post First Anniversary Name Dropper Photogenic
    Forumite
    On the subject of eur01.safelinks.protection.outlook.com links ... this is quite normal for links in emails received within an organisation; in my own company any external links in emails look very similar (except ours start ns01 as I recall).
  • grumpycrab
    grumpycrab Posts: 4,989
    Name Dropper First Anniversary First Post Bake Off Boss!
    Forumite
    eamon wrote: »
    Is there a new scam purporting to be from HMRC doing the rounds. The text below has appeared in my in box. The 1st link brings me the outlook login screen and the 2nd link to gov.uk
    Why are you clicking on these links? Either you're being very naive or, for some reason, you're encouraging other people to click on links in suspicious emails?
    If you put your general location in your Profile, somebody here may be able to come and help you.
  • Cookieie
    Cookieie Posts: 14 Forumite
    Looks scam like to me!

    If received via email - check the senders email address, & should it a scam - block straight away to avoid anymore emails.
  • AndyPix
    AndyPix Posts: 4,847
    Name Dropper First Anniversary First Post Photogenic
    Forumite
    Good grief
    Do you even have to ask ??!!


    An obviously obfuscated link like that should be the prime giveaway.


    Aside from the fact that the HMRC would never send a refund like that,
    No reputable organisation would expect you to click on a link that


    And as for the comment above regarding email links, ns01 stands for name server 01 and is an internal routing thing. If the HMRC wanted you to click a link to a site owned by them then the link would be concise and end in .gov.uk .. They would have precisely no reason to obfuscate it with break codes like you see in that link.


    Delete and ignore - no point in blocking the sender as this will be rotated daily if not by the minute
  • DoaM
    DoaM Posts: 11,863
    First Post First Anniversary Name Dropper Photogenic
    Forumite
    AndyPix wrote: »
    And as for the comment above regarding email links, ns01 stands for name server 01 and is an internal routing thing

    Not quite ... the "obfuscation" of the link is something that is done by the internal email (Exchange?) server of the receiving organisation. It's not "obfuscated" by the sender ... at least not in the scenario I was explaining. :)
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 342.5K Banking & Borrowing
  • 249.9K Reduce Debt & Boost Income
  • 449.4K Spending & Discounts
  • 234.6K Work, Benefits & Business
  • 607.1K Mortgages, Homes & Bills
  • 172.8K Life & Family
  • 247.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards