Book a FREE meeting quality@glazers.co.uk 020 8458 7427

VAT fraud – Avoid getting caught out by phishing attacks

24 February 2025

VAT fraud – Avoid getting caught out by phishing attacks

Scammers are increasingly targeting VAT-registered businesses with phishing attacks.

Warnings have been issued by a number of organisations, and taxpayers are being encouraged to check requests carefully. 

To help you avoid becoming a victim of these fraudsters, here is what you need to know to avoid getting caught out. 

Phishing and VAT fraud 

Phishing is when cyber criminals send fraudulent emails or text messages containing links to malicious websites. 

These websites often trick users into revealing sensitive information (such as passwords) or encourage taxpayers to transfer money. 

They can also contain malware that sabotages systems and organisations or ransomware, which holds sensitive information or systems ransom in return for a fee. 

For example, scammers are manipulating and submitting form VAT 484 to HM Revenue & Customs (HMRC) to change legitimate bank details to theirs. 

Once a repayment return is processed and verified by HMRC, funds are directed to the fraudsters’ accounts instead of the legitimate ones. 

Many businesses are currently being targeted by these methods as they submit their regular VAT report to HMRC and make payments. 

While they can be hard to identify, there are recurring scams that target both individual finances and businesses. 

The most common ones include: 

  • Texts or calls offering HMRC tax refunds 
  • Email scams about tax rebates 
  • Automated phone call scams that claim HMRC is filing a lawsuit. 

Never disclose personal or financial information about you or your business to people or websites claiming to be HMRC – unless you are 100 per cent sure that you are speaking to the tax authority. 

HMRC will only ever email you about a tax rebate or ask for personal or payment information from an email address that ends in hmrc.gov.uk. 

To find out more about how you can prevent yourself from falling victim to an HMRC scam, please visit the tax authority’s dedicated advice page. 

How to prevent phishing attacks 

It is difficult to mitigate against all phishing attacks. However, there are steps you can take to protect your organisation as much as possible. 

The National Cyber Security Council (NCSC) recommends a four-layer defence system: 

  • Make it difficult for attackers to reach your users. 
  • Help users identify and report suspected phishing messages. 
  • Protect your organisation from the effects of undetected phishing emails. 
  • Respond quickly to incidents. 

You can implement these four layers of defence by: 

  • Using secure, encrypted connections for business transactions and HMRC communications. 
  • Conducting regular phishing awareness training for all employees. 
  • Implementing multi-factor authentication for access to sensitive accounts. 
  • Reporting suspicious emails to HMRC (phishing@hmrc.gov.uk) to help fight phishing scams. 

If you are unsure whether a communication from HMRC is legitimate or not, please seek advice from our team at the earliest opportunity. 

For more information, please get in touch. 

Latest News

How will the say-nothing Spring Statement shape the future of businesses?

Many businesses felt as though they had been entirely overlooked... Read more

Spring Statement 2026

Read more

Is your business ready to process new maternity and paternity rates?

With so many changes hitting businesses in April, it is... Read more

ABTA compliance nightmares: The most common mistakes we see (and how to avoid them)

The Association of British Travel Agents (ABTA) works to ensure compliance... Read more

MTD is getting closer, but awareness still is not translating into action

As Making Tax Digital for Income Tax edges ever closer... Read more

Financial risk management in the travel industry – Lessons from recent collapses

The collapse of some large travel firms in recent years... Read more

Get in touch

This field is for validation purposes and should be left unchanged.
If you would like to see full details of our data practices please visit our Privacy Policy.

Glazers Accountants

843 Finchley Road,
London, NW11 8NA

020 8458 7427
quality@glazers.co.uk

Information

Terms of business Privacy Policy Cookie Policy Sitemap

Join our mailing list

This field is for validation purposes and should be left unchanged.

If you would like to see full details of our
data practices please visit our Privacy Policy.

Glazers Chartered Accountants is a partnership. This information has been produced for general interest. It is therefore essential to take advice on specific issues. We are unable to take responsibility for any outcome resulting from acting upon, or refraining to act upon, this information. In accordance with the disclosure requirements of the Provision of Services Regulations 2009, our professional indemnity insurers are Prosure Solutions Limited, 150 Minories, London, EC3N 1LS. The territorial coverage is worldwide excluding any action for a claim bought in any court in the United States of America or Canada.

© Glazers 2026. Company No. 05962817

Website designed by JE Consulting