0115 9283228

The rise of VAT fraud – How to spot and stop phishing scams

Cybercriminals are ramping up their efforts to deceive businesses, using increasingly sophisticated phishing scams to commit VAT fraud.  

Scammers impersonate HM Revenue & Customs (HMRC), sending fake emails, texts, and calls to trick businesses into handing over sensitive financial information or redirecting VAT repayments into fraudulent accounts. 

If your business is VAT-registered, you need to stay vigilant.  

Here is how phishing scams work and what you can do to safeguard your finances. 

How VAT phishing scams work 

Phishing scams operate by tricking individuals into providing confidential details or clicking on malicious links. The goal? To hijack funds, steal identities, or install malware. 

One particularly alarming tactic involves fraudsters submitting fraudulent VAT 484 forms to HMRC, altering registered bank account details so that VAT refunds are paid directly into their accounts.  

Once the funds are transferred, they disappear without a trace, leaving the rightful business owner to deal with the fallout. 

These scams can be highly convincing, often mimicking HMRC’s official communications. Some of the most common tactics include: 

  • Fake tax rebate emails promising refunds to lure victims into sharing personal details. 
  • Text messages claiming to be from HMRC, often containing urgent payment requests. 
  • Automated phone calls stating that HMRC is taking legal action, demanding immediate payment. 

Never share financial or personal information unless you are absolutely certain you are dealing with HMRC. If in doubt, contact HMRC directly using their official website. 

How to protect your business from VAT fraud 

While no system is foolproof, implementing strong security measures can reduce your risk of falling victim to these scams.  

The National Cyber Security Centre (NCSC) recommends a layered approach to security: 

  • Block attackers before they reach you – Use email filtering systems to flag suspicious emails before they land in your inbox. 
  • Educate your team – Regularly train employees on how to identify phishing attempts and avoid risky behaviours. 
  • Add an extra layer of security – Enable multi-factor authentication (MFA) on business accounts to prevent unauthorised access. 
  • Report suspicious activity – If you suspect fraud, forward phishing emails to HMRC at phishing@hmrc.gov.uk. 

Stay one step ahead of the scammers 

If you receive an email, text, or call that doesn’t feel quite right, take a step back before responding.  

Double-check the source, look for inconsistencies, and when in doubt, seek professional advice. 

Concerned about phishing scams targeting your business?  

Our team can help you verify suspicious communications and guide you on best practices for fraud prevention. Get in touch today. 

RSS
Facebook
X (Twitter)
LinkedIn
Share

We believe in having a journey and relationship with our clients.
You're not just a file on our desk; you're a friend.

Ready to start your financial journey with us?

Contact us today to schedule a consultation or simply drop by for that cup of tea. We can't wait to meet you!

Contact us today for a free consultation
Client-Services-Firm-of-the-year-2016 Small-Practice-of-the-year-2016 Small-Practice-of-the-year-2015