Book a FREE meeting quality@glazers.co.uk 020 8458 7427

VAT fraud – Avoid getting caught out by phishing attacks

24 February 2025

VAT fraud – Avoid getting caught out by phishing attacks

Scammers are increasingly targeting VAT-registered businesses with phishing attacks.

Warnings have been issued by a number of organisations, and taxpayers are being encouraged to check requests carefully. 

To help you avoid becoming a victim of these fraudsters, here is what you need to know to avoid getting caught out. 

Phishing and VAT fraud 

Phishing is when cyber criminals send fraudulent emails or text messages containing links to malicious websites. 

These websites often trick users into revealing sensitive information (such as passwords) or encourage taxpayers to transfer money. 

They can also contain malware that sabotages systems and organisations or ransomware, which holds sensitive information or systems ransom in return for a fee. 

For example, scammers are manipulating and submitting form VAT 484 to HM Revenue & Customs (HMRC) to change legitimate bank details to theirs. 

Once a repayment return is processed and verified by HMRC, funds are directed to the fraudsters’ accounts instead of the legitimate ones. 

Many businesses are currently being targeted by these methods as they submit their regular VAT report to HMRC and make payments. 

While they can be hard to identify, there are recurring scams that target both individual finances and businesses. 

The most common ones include: 

  • Texts or calls offering HMRC tax refunds 
  • Email scams about tax rebates 
  • Automated phone call scams that claim HMRC is filing a lawsuit. 

Never disclose personal or financial information about you or your business to people or websites claiming to be HMRC – unless you are 100 per cent sure that you are speaking to the tax authority. 

HMRC will only ever email you about a tax rebate or ask for personal or payment information from an email address that ends in hmrc.gov.uk. 

To find out more about how you can prevent yourself from falling victim to an HMRC scam, please visit the tax authority’s dedicated advice page. 

How to prevent phishing attacks 

It is difficult to mitigate against all phishing attacks. However, there are steps you can take to protect your organisation as much as possible. 

The National Cyber Security Council (NCSC) recommends a four-layer defence system: 

  • Make it difficult for attackers to reach your users. 
  • Help users identify and report suspected phishing messages. 
  • Protect your organisation from the effects of undetected phishing emails. 
  • Respond quickly to incidents. 

You can implement these four layers of defence by: 

  • Using secure, encrypted connections for business transactions and HMRC communications. 
  • Conducting regular phishing awareness training for all employees. 
  • Implementing multi-factor authentication for access to sensitive accounts. 
  • Reporting suspicious emails to HMRC (phishing@hmrc.gov.uk) to help fight phishing scams. 

If you are unsure whether a communication from HMRC is legitimate or not, please seek advice from our team at the earliest opportunity. 

For more information, please get in touch. 

Latest News

Welcome news for thousands as Income Tax reporting threshold set to increase

In a move to simplify tax compliance and boost the... Read more

The tax traps of director’s loans – How to avoid unnecessary charges

Director’s loans can be a useful way to access company... Read more

Road tax changes for electric vehicles – How to secure an extra 12 months tax-free

If you own an electric or low-emission vehicle, you have... Read more

Should you transfer investment property to a company? The tax benefits explained

If you own investment property, you may be wondering whether... Read more

Planning your exit? Watch out for the BADR changes

If you are thinking about selling your business, timing could... Read more

Paying your employees will cost you more after 6 April

From 6 April 2025, changes to employer National Insurance Contributions... Read more

Get in touch

This field is for validation purposes and should be left unchanged.
If you would like to see full details of our data practices please visit our Privacy Policy.

Glazers Accountants

843 Finchley Road,
London, NW11 8NA

020 8458 7427
quality@glazers.co.uk

Information

Terms of business Privacy Policy Cookie Policy Sitemap

Join our mailing list

This field is for validation purposes and should be left unchanged.

If you would like to see full details of our
data practices please visit our Privacy Policy.

Glazers Chartered Accountants is a partnership. This information has been produced for general interest. It is therefore essential to take advice on specific issues. We are unable to take responsibility for any outcome resulting from acting upon, or refraining to act upon, this information. In accordance with the disclosure requirements of the Provision of Services Regulations 2009, our professional indemnity insurers are Prosure Solutions Limited, 150 Minories, London, EC3N 1LS. The territorial coverage is worldwide excluding any action for a claim bought in any court in the United States of America or Canada.

© Glazers 2025. Company No. 05962817

Website designed by JE Consulting