Scam Email Alert – “VAT Return Query”

Find out about the recent scam email used by cyber criminals to attack tax payers.

Cyber criminals have been targeting UK taxpayers with fake VAT return messages claiming to come from HMRC which, when opened, could infect PCs with a Trojan virus and allow them to take over the victim’s computer, according to information security specialists Trustwave.

The firm says its research shows that on 6 September scammers launched a phishing attack using spoofed e-mail messages appearing to come from a HMRC support service domain and containing links to the malware disguised as a VAT return document.

The scam email was sent using a registered HMRC-like domain (

The fake emails had the subject header ‘VAT return query’, while the body of the email suggested that there were some errors in the users recently submitted VAT returns, which encouraged the recipient to click on the link within the email.

Clicking on the link results in the user being taken to a Microsoft OneDrive file sharing service that downloads the ‘VAT return’ zip file, which contains the malware.

As always, we advise our clients to be extra vigilant when using the internet. Always check the sender email address before opening any links within the email, and if you have any doubts, do not open it. Remember that HMRC will never contact clients via email.