There are always going to be bad actors looking to scam reputable businesses out of money and data.
The new changes to Companies House and the heightened scrutiny that HM Revenue and Customs (HMRC) are placing on businesses have created a time of confusion for many.
Scammers have noticed the uncertainty and have worked to exploit it, leaving busy business owners at risk of revenue loss and reputational damage.
We want to highlight the scams that are happening and how you can avoid them.
What is the fake HMRC letter scam?
The fake HMRC letter scam is, as the name suggests, a scam wherein a business receives a fake letter purporting to be from HMRC.
The insidious nature of the scam lies in the quality of the letter produced.
No longer are we in the realm of foreign princes asking for your bank details, but a more sophisticated type of scam wherein the letter looks genuine.
The recent changes implemented by HMRC have resulted in people no longer truly knowing what is and is not believable for HMRC to request.
As such, the letters claim to be from “Indv and Small Business Compliance” and make reference to “recent government initiative aimed at verifying declared income.”
As Companies House are requesting a lot more verification of identity and business addresses, it is understandable why someone would believe this.
The letter informs recipients to verify their financial information through email before requesting:
- Business bank statements covering the last 13 months
- The most recent set of filed accounts
- VAT returns for the past four quarters
- A photographic ID (passport or driving licence) for each director
How can this scam be avoided?
HMRC will never request information in this way.
Filings will be made to Companies House, and photographic ID will be part of Companies House identity verification, although this will only need to be done once and will not be requested again.
The real warning sign is the email address to which the information is to be sent.
The email address is a “.org” address, which, while normally carrying some weight from typical organisations, is entirely invalid for a government agency.
HMRC email addresses will have the “@hmrc.gov.uk” address to signify their authenticity.
It is imperative that business owners pay close attention to where they are sending vital information.
If in doubt, contact HMRC directly to check whether they truly need such sensitive information.
Should you receive a letter of this kind, report it immediately to HMRC’s dedicated phishing inbox.
These scammers are looking to steal your data, money, or both, and falling for their tricks leaves you vulnerable to serious repercussions.
Never act in haste when receiving letters or emails, no matter how “urgent” they claim to be.
Ensure that you and your team complete regular cybersecurity training as this will cover the ways to mitigate the risk of phishing and data fraud.
It is always best to be cautious and careful, double-checking information requests whenever you feel uneasy.
We want to keep you alert and safe as you conduct your business.
For more help and guidance, speak to our team today.