Urgent Potential Fraud Warning for Self-Assessment Tax-Payers

Post Author:

Anne Melville

Date Posted:

April 29, 2024

Share This:

In the last few months we have identified two clients whose Government Gateway log in credentials have been hacked.

On both occasions fraudulent Self-Assessment Tax Returns were submitted, which appeared to have been lodged by our clients.  Both Returns included claims for fictitious expenses resulting in large tax repayments being due.  The repayments were then mandated to the bank accounts of third parties unknown to our clients.

On each occasion it has been due to complete chance that we have spotted this issue and have been able to alert HMRC, to  help ensure that the fraudulent repayments were not made. 

For our first client we were only able to identify the problem because, by complete coincidence, we tried to lodge their 2023 Tax Return the day after the submission of the fraudulent Return. We were unable to lodge the Return we had prepared, as we were advised that a 2023 Return had already been submitted.

For the second client, we received a letter from HMRC advising us that the client had been removed from self- assessment for 2024/2025, following the successful submission of the 2024 Tax Return.  We knew that we had not yet completed or submitted their 2024 Tax Return.

Unfortunately, HMRC do not allow tax agents, such as ourselves, to  run reports to enable us to interrogate our HMRC client list and cross check Tax Returns that have been submitted against our own client database.  There is therefore currently no way that we can monitor and check the position for all of our clients on an ongoing basis to ensure that they are not the victims of any future fraud attempts.

We therefore strongly advise all of our Self-Assessment clients to:-

  • Ensure that they keep their Government Gateway ID and password confidential and not share these with anyone.

This also means not saving these details on your computer/laptop, unless you know that you are the only person that accesses this.  We would also suggest that you do not use any public or shared computers to access any HMRC online services.

  • Make sure that your password is as secure as possible and includes a mix of capital and lower case letters and also symbols

Top tips for staying secure online – NCSC.GOV.UK

  • Set up Multi Factor Authentication for your Government Gateway account to ensure an additional layer of security
  • Not click on any strange links in emails that you may receive, even if they appear to come from HMRC. If you do click on any links and are then asked to enter your Government Gateway ID and password – close the link immediately and change your Government Gateway password if you got as far as entering this in the link.

Keeping your HMRC login details safe – GOV.UK (www.gov.uk)

Photo by Bermix Studio on Unsplash