Latest round of self assessment tax returns means new opportunity for criminals

Each year at about this time, the new batch of self assessment tax returns are issued, bringing with them a fresh opportunity for fraudsters to attack. We have heard that there have been attempts to file 2017 tax returns claiming fraudulent repayments and we are reminding our readers of the danger and to remain vigilant.

Every year we hear reports of the fraud involving repayment claims which are submitted to HMRC online using valid log in details and passwords, requesting payment to third party bank accounts.

Instances of the fraud seem to be reducing, but please be aware of the risk and as usual be alert and keep a close watch on your passwords. Although it is not an HMRC requirement, it is sensible to change them regularly if you can.

Protect your login details and reduce the risk of fraud when using HMRC Online Services. You are advised to:

  • change your password regularly, at least once every three months
  • report any suspicious account activity to the Online Services Helpdesk
  • do not let people use your login details – if other people need access you can set up administrators and assistants
  • keep your list of administrators and assistants up to date
  • keep login details secure, don’t share them with anyone - HMRC will never ask for your password
  • keep computers secure - personal computers used for work must have the same security controls as office computers
  • access your client details using your own registration - don’t use your clients' login details

Do change your password if HMRC tells you to, which might be at any time. And note that your password will be changed automatically if:

  • HMRC has made three unsuccessful attempts to contact you to tell you to change it
  • you don’t change it when HMRC tells you to.

For up-to-date news on phishing attacks and details of how to report anything unusual to HMRC, see Advice about phishing, scams and online security.