‘Phishing’ is the term for attempting to get someone to give you personal information / access to systems by pretending to be someone else. This could be an email from someone who claims to be writing from your bank, or a phone call from someone pretending to be with a government department.
How do i spot phishing?
Fraudsters fish (or ‘phish’) for information like passwords or ID numbers, but also try to get you to do something like enter your login details on a fake site that looks like the real thing. Some of the most effective techniques are subtly changing things so that the fraud goes unnoticed, like changing banking details on invoices so that payments are made to the fraudsters.
There is almost never a reason to give out your details to someone over phone or text, no matter where they claim to be from.
The government does not need your ID details over the phone – they have the most complete set of information about you out of everyone. And services like Slack don’t need your login details – they literally own and run the platform, they simply don’t need your password in order to do anything.
How do i report phishing?
Recipients of phony messages should avoid clicking on any links. HMRC asks that phishing emails and bogus text messages are reported. The emails can be sent to HMRC by email email@example.com or by text message to 60599.
In HMRC’s latest update there is information on the valid use of QR codes by HMRC. HMRC includes QR codes in the welcome letter issued by post to taxpayers who are newly-registered for Self-Assessment. HMRC also uses QR codes to help taxpayers complete a payment to HMRC using a mobile phone. The QR code is only displayed when logged in.
HMRC may also send you a text message if you call a helpline from a mobile phone. On the call, HMRC will tell you to expect a text message — it will be either immediately or shortly after the call.
But HMRC will never ask for personal or financial information when they send text messages.