HMRC warns over social media fraudsters

Written by Sam Trendall on 1 November 2022 in News

Tax agency urges citizens to be on the lookout for scammers using online platforms

Credit: Rakesh Pandit/Pixahive

HM Revenue and Customs has warned the public to be on the lookout for fraudsters operating on social media.

The department has published new guidance reminding citizens of the importance of protecting their account information – and warning that social networks have become a popular with scammers seeking to “trick or persuade people into sharing their personal or login details” for the tax agency’s Government Gateway online login service.

“They use these details to apply for fraudulent tax repayments from HMRC,” the department added. “They hide their own identity, which means the person whose details they’ve used will owe money to HMRC. Their social media posts often advertise that they are ‘risk free’. They may also send direct messages to you through social media.”

Anyone who does unwittingly share their details with a fraudster is warned that they “will be at risk of having to pay back the full tax debt created… in your name”. 

The guidance said: “Your bank account may be frozen, and fraudsters may post or sell your personal details online for anyone to use.”

Consequently, users are advised not to share their HMRC login details with anyone – including tax agents operating on their behalf.

Related content

Anyone who sees an advert or post on a social platform that asks for the provision of login information, National Insurance numbers, or any other personal details is asked to tell HMRC via the online service for reporting tax fraud. Social media fraud should be reported via a separate service to that which is used for flagging suspicious emails, texts, or phone calls.

The guidance also outlines measures taken by HMRC to protect online interactions with the department, which includes automatically logging out users after 15 minutes of inactivity, and providing information on the time and date of the previous login, so users can spot any unexplained access to their account.

HMRC also encrypts data sent and received by the department via its digital services.

“If someone was able to externally view your connection to HMRC, they would be unable to interpret the data sent,” it said.

The department also protects most online accounts with multi-factor authentication technology – a process which, after a user has entered their login details, requires the additional provision of a one-off code that can be sent via text or voice message.

“If you use text messages or voice calls for multi-factor authentication, and you receive login codes from HMRC when you are not trying to log in, it may mean someone has your login details,” the guidance said. “If this happens, it would be sensible to change your password.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

NCSC probes TikTok amid reports of imminent ban of government devices
16 March 2023

Security minister confirms intelligence agency is investigating the video app

Scottish parliamentarians ‘strongly advised’ to ditch TikTok
21 March 2023

MSPs are issued with advice following consultation with National Cyber Security Centre

Government warned over need to protect the metaverse in Online Safety laws
17 March 2023

Campaigners warn that ‘virtual actions are not adequately addressed’ by existing law or pending legislation

Sunak promises to protect tech supply chains as part of £5bn defence boost
14 March 2023

PM announces increase in funding to tackle threats posed by China and Russia