Emails claiming you are owed a tax refund look official but lead to fake login pages designed to steal your personal details — HMRC will never email you asking you to click a link to claim a refund.
"The email looked completely genuine. It had the HMRC logo, the correct colours, and it told me I was owed a refund. I nearly clicked the link before something made me stop and check the email address it had come from. That's when I realised it wasn't from HMRC at all."
— Susan, Surrey
What's Happening?
Fake HMRC tax refund emails are one of the most common phishing scams in the UK. Criminals send emails that appear to come from HMRC, telling the recipient they are owed a tax refund. The emails often look convincing, using official logos, colours and language. The recipient is directed to click a link and enter personal and financial details to claim their refund. Those details go directly to criminals.
Why This Scam Works
Most people would welcome an unexpected tax refund. The timing of these emails is often deliberate — they frequently circulate around the end of the tax year when people are thinking about tax returns and refunds. The official appearance of the email reduces suspicion. People assume that if it looks like HMRC, it probably is HMRC.
What You Might Not Know
HMRC will never email you to tell you that you are owed a tax refund and ask you to click a link to claim it. If you are owed a refund, HMRC will contact you by post or through your personal tax account. Any email claiming otherwise should be treated with caution regardless of how official it appears.
What To Look Out For
Be cautious if an email unexpectedly tells you that you are owed money, asks you to click a link to claim a refund or verify your details, uses urgent language suggesting the refund will expire, or comes from an email address that does not end in hmrc.gov.uk.
A Question Worth Asking
Was I expecting to hear from HMRC? And does the email address it came from actually end in hmrc.gov.uk? Those two questions catch most HMRC phishing emails before any harm is done.
What To Do
Step 1 — Do not click any links in the email. Step 2 — Check the sender's email address carefully — genuine HMRC emails end in hmrc.gov.uk. Step 3 — Log in to your personal tax account directly at gov.uk to check whether any refund is genuinely owed. Step 4 — Forward the suspicious email to phishing@hmrc.gov.uk and then delete it.
Lightkeepers Insight
HMRC phishing emails succeed because they combine something people want — a refund — with something that looks trustworthy. The safest habit is simple: never click links in emails about tax refunds. Always go directly to gov.uk instead.
If in doubt, go directly to the source. Type gov.uk into your browser. Do not follow the link.
