HMRC warns over social media fraudsters

Written by Sam Trendall on 1 November 2022 in News

Tax agency urges citizens to be on the lookout for scammers using online platforms

Credit: Rakesh Pandit/Pixahive

HM Revenue and Customs has warned the public to be on the lookout for fraudsters operating on social media.

The department has published new guidance reminding citizens of the importance of protecting their account information – and warning that social networks have become a popular with scammers seeking to “trick or persuade people into sharing their personal or login details” for the tax agency’s Government Gateway online login service.

“They use these details to apply for fraudulent tax repayments from HMRC,” the department added. “They hide their own identity, which means the person whose details they’ve used will owe money to HMRC. Their social media posts often advertise that they are ‘risk free’. They may also send direct messages to you through social media.”

Anyone who does unwittingly share their details with a fraudster is warned that they “will be at risk of having to pay back the full tax debt created… in your name”. 

The guidance said: “Your bank account may be frozen, and fraudsters may post or sell your personal details online for anyone to use.”

Consequently, users are advised not to share their HMRC login details with anyone – including tax agents operating on their behalf.

Related content

Anyone who sees an advert or post on a social platform that asks for the provision of login information, National Insurance numbers, or any other personal details is asked to tell HMRC via the online service for reporting tax fraud. Social media fraud should be reported via a separate service to that which is used for flagging suspicious emails, texts, or phone calls.

The guidance also outlines measures taken by HMRC to protect online interactions with the department, which includes automatically logging out users after 15 minutes of inactivity, and providing information on the time and date of the previous login, so users can spot any unexplained access to their account.

HMRC also encrypts data sent and received by the department via its digital services.

“If someone was able to externally view your connection to HMRC, they would be unable to interpret the data sent,” it said.

The department also protects most online accounts with multi-factor authentication technology – a process which, after a user has entered their login details, requires the additional provision of a one-off code that can be sent via text or voice message.

“If you use text messages or voice calls for multi-factor authentication, and you receive login codes from HMRC when you are not trying to log in, it may mean someone has your login details,” the guidance said. “If this happens, it would be sensible to change your password.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

EXCL: Government red team security unit to test departmental defences with hostile reconnaissance
2 December 2022

Specialist supplier will support in searching – and then attempting to take advantage of – ‘vulnerabilities and exploitable information’

Government to study ‘key vulnerabilities’ of cloud sector and estimate national cost of outages
26 October 2022

Research will consider potential impact of system failure on the country’s finances and way of life

HMRC issues fraud warning after taking down 10,000 websites in a year
12 October 2022

Scammers will aim to take advantage during a time of year when many are completing tax returns, department warns

No crypto in government reserves, Treasury minister confirms
23 November 2022

Bank of England will soon take the next steps in exploring the possible introduction of a central digital currency