HMRC scam message (refund/penalty): what to do

Scammers often impersonate HMRC with “refund”, “penalty”, or “urgent action” messages. If you're unsure, paste the message into FraudSentry.

Tip: Do not paste passwords, OTP codes, or full card/bank numbers.

Example message (Example)

“HMRC: You're owed a tax refund. Claim within 24 hours: example-link.com”

Red flags

• Refund or penalty with a tight deadline
• Link asking for bank details or personal details
• Threatening language (“lawsuit”, “enforcement”, “final notice”)
• Sender address/number looks unusual
• Requests for passwords or access codes

What to do now

1. Do not click links or reply with details.
2. If you want to check your tax position, go via official HMRC routes (type the address yourself or use the HMRC app).
3. If you shared personal or payment details, contact your bank immediately.
4. Report the message using the official HMRC reporting routes below.

Official UK reporting links

FraudSentry is independent and is not affiliated with or endorsed by these organisations.

HMRC guidance for reporting suspicious messages/calls/social accounts: https://www.gov.uk/report-suspicious-emails-websites-phishing/report-scam-HMRC-messages-calls-social-media

Common HMRC reporting routes (from GOV.UK):

• Suspicious emails: phishing@hmrc.gov.uk
• Suspicious texts: forward to 60599 (may be charged at your network rate)
• WhatsApp/app messages: screenshot and email to phishing@hmrc.gov.uk
• Suspicious social accounts: branddefence@hmrc.gov.uk

General phishing reporting (UK):

• Forward suspicious emails to: report@phishing.gov.uk
• Forward suspicious texts to: 7726 (free)

FAQ

Related scam guides

• General scam message checks
• Bank text scam checks
• WhatsApp impersonation scam checks
• All scam check guides

Disclaimer

FraudSentry helps people check, review, and take safer next steps. It does not guarantee detection, prevention, or recovery. Always verify through official channels.