How to Combat Scams From HMRC: A Guide for Contact Centers
Laura Fitzgerald
August 28, 2025 (UPDATED ON August 28, 2025)
Fraudsters pretending to be His Majesty’s Revenue and Customs (HMRC) agents frequently target banking, financial, or even retail contact centers through phone calls, emails, and text messages.
These fraudsters aim to manipulate sensitive tax issues, steal confidential information, make unauthorized payments, and more.
Many of these types of scams are on the rise because of synthetic-audio deepfakes and AI-driven voice cloning.
Pindrop’s 2025 Voice Intelligence & Security Report analyzed over 1.2 billion calls and found that, in 2024 alone, there was a:
61% increase in bank fraud since 2020.
680% rise in deepfake activity year-over-year.
26% increase in fraud attempts, far exceeding predictions.
475% increase in synthetic voice fraud in insurance.
This article examines the various types of HMRC scams, offers detailed guidance on identifying and verifying legitimate communications, and introduces effective fraud detection strategies.
Why HMRC scam threats specifically target businesses
Businesses, especially those in finance, banking, and retail, are desirable targets for fraudsters posing as HMRC.
They exploit the complexity and urgency surrounding business tax processes, knowing that businesses typically handle higher transaction values and are subject to regular communication from HMRC.
A notable incident in 2025 saw HMRC report a phishing campaign that affected approximately 100,000 taxpayer accounts, resulting in losses of £47 million ($64 million), which highlighted the scale and impact of such attacks. Cybercriminals gained unauthorized access using stolen credentials, successfully claiming fraudulent tax rebates, as reported by The Guardian.
According to Loughborough University, this case highlights the continued effectiveness of simple social engineering tactics, whether over the phone or via phishing emails, particularly when combined with stolen personal data and the trust placed in institutions such as HMRC.
Types of HMRC business scams
Recognizing different scam methods is essential. Here are the most common.
HMRC phone call scams
Phone call scams involve fraudsters impersonating HMRC officials, claiming urgent tax issues or overdue payments. Fraudsters manipulate emotions by creating immediate fear of legal consequences or business penalties to extract sensitive details or financial transactions.
These scams have become especially dangerous with the rise of AI-driven synthetic voice technology. The 2025 Voice Intelligence & Security Report revealed that synthetic voices accounted for 0.33% of contact center calls in Q4 2024, representing a 173% increase from Q1.
Fraudsters now effectively mimic real voices through pitch modulation, tone manipulation, and cadence adjustments, making traditional authentication measures inadequate.
HMRC scam phishing emails and texts
HMRC scams, particularly phishing emails and texts, are a persistent problem. According to the U.K. government, in the 12 months prior to September 2023 alone, HMRC saw a significant increase in scam reports, receiving over 130,000 reports of tax scams, of which 58,000 involved fake tax rebates.
Fraudsters disguise messages as official HMRC communication, often mentioning tax refunds or urgent tax issues. Messages include malicious links or attachments designed to capture login credentials or install malware.
A typical scenario involves receiving an email claiming there’s an urgent tax liability or a refund waiting. Once clicked, these links direct users to a fake HMRC website, prompting them to enter sensitive business credentials or financial details.
HMRC tax rebate or refund scams
Fraudsters commonly exploit people’s and businesses’ anticipation of tax refunds. Once again, the U.K. government announced that nearly half of the 144,298 scams reported to HMRC in the 12 months prior to October 2024 were fake self-assessment tax rebates, with a 16.7% increase in the number of scam referrals.
Scammers contact businesses claiming they are eligible for a significant tax rebate and encourage the targeted recipient to share sensitive banking or tax information in exchange for the alleged refund.
In real-world scenarios, businesses receive official-looking communications claiming immediate refunds, directing them to enter confidential financial information on fraudulent websites, which ultimately results in account compromise.
Verifying legitimate HMRC communication
Genuine HMRC communications always contain specific official identifiers, such as unique taxpayer reference numbers, precise information that should only be known to the business and HMRC, and clearly defined contact protocols.
Authenticating communication that claims to be from HMRC is essential for financial contact centers, as scammers exploit the trust and urgency associated with tax-related matters.
According to official HMRC guidelines, legitimate HMRC representatives will never:
Request sensitive financial details, like passwords or PINs, over unsolicited calls or emails.
Demand immediate payment through unconventional channels, such as prepaid gift cards or cryptocurrency, to expedite the process.
Threaten instant arrest or legal actions without prior official written correspondence.
To reliably distinguish between genuine and fraudulent communications, banking and finance contact centers should implement comprehensive, multilayered verification procedures.
Authentication protocols and best practices
Effective authentication best practices include:
Ask for unique reference numbers
Genuine HMRC calls or communications will always include specific identifiers, such as your Unique Taxpayer Reference (UTR), National Insurance number, or other HMRC-issued codes that have been documented.
Cross-verify via outbound calls
Staff should initiate outbound calls using verified HMRC contact numbers from official documentation or the official government website.
Official communication patterns
Authentic HMRC notifications typically involve letters or secure online messages before initiating phone contact.
Multifactor authentication (MFA)
Advanced multifactor authentication solutions combine voice biometrics, behavioral analytics, and metadata analysis to verify identities quickly and securely.
IVR containment
IVR containment authenticates callers before agent involvement, reducing risk exposure and supporting quick fraud detection.
Advanced fraud detection methods from a banking perspective
Today’s financial institutions and businesses alike require more than manual reviews and basic caller authentication to effectively detect and respond to scams, such as those pretending to be from HMRC.
Advanced technology-driven detection strategies enhance protection, reduce false positives, and improve efficiency. By integrating voice analytics, machine learning, and automated cross-referencing systems, contact centers can proactively identify and disrupt more fraudulent activities.
Real-time voice analysis examines subtle audio characteristics, such as pitch variations, tone anomalies, background noise discrepancies, and speech patterns, to instantly detect synthetic or manipulated voices.
Behavior analysis via artificial intelligence (AI) and machine learning algorithms enables contact centers to quickly and more accurately recognize unusual caller behaviors, interactions, and transaction patterns.
Cross-referencing with fraud databases using real-time fraud detection solutions allows for rapid identification of potential threats.
Institutional protocols and cross-reference systems
To fully leverage these advanced detection methods, banking institutions and the contact centers serving them must establish comprehensive institutional protocols that may include:
Internal call logs
Maintain detailed records of caller interactions, including caller IDs, call frequency, duration, and outcomes.
Suspicious number databases
Keep databases of flagged phone numbers and known scammers up to date for cross-referencing with automated systems.
Integration with official HMRC reporting channels
Synchronize internal fraud detection systems with HMRC’s official fraud-reporting platforms.
Dynamic alerts and responses
Promptly notify fraud teams of suspicious activity to ensure immediate response.
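The sketch below is an added example, not Pindrop's or HMRC's code. It shows how the "HMRC will never" red flags, the internal call log, and the suspicious-number database can feed a single triage decision that drives an alert. The regexes, thresholds, field names, and phone numbers are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Red flags from the "HMRC will never" list; the patterns are illustrative assumptions.
RED_FLAGS = {
    "asks_for_secret": re.compile(r"\b(password|passcode|pin)\b", re.I),
    "unconventional_payment": re.compile(r"\b(gift ?cards?|crypto(currency)?|bitcoin)\b", re.I),
    "arrest_threat": re.compile(r"\b(arrest(ed)?|warrant|legal action)\b", re.I),
}

@dataclass
class CallRecord:  # hypothetical record: number, time, stated identity, exact wording
    caller_id: str
    received_at: datetime
    stated_identity: str
    wording: str

def normalize(number):
    """Reduce a UK number to digits with a 44 prefix so differently written forms match."""
    digits = re.sub(r"\D", "", number)
    if digits.startswith("00"):
        digits = digits[2:]
    if digits.startswith("0"):
        digits = "44" + digits[1:]
    return digits

def triage(call, call_log, flagged_numbers, window=timedelta(hours=24), max_calls=3):
    """Return (risk, reasons) for one call claiming to be from HMRC."""
    reasons = [name for name, rx in RED_FLAGS.items() if rx.search(call.wording)]
    number = normalize(call.caller_id)
    if number in {normalize(n) for n in flagged_numbers}:
        reasons.append("flagged_number")
    # Count earlier calls from the same number inside the look-back window.
    recent = sum(1 for c in call_log if normalize(c.caller_id) == number
                 and timedelta(0) <= call.received_at - c.received_at <= window)
    if recent >= max_calls:
        reasons.append("high_call_frequency")
    if "flagged_number" in reasons or len(reasons) >= 2:
        return "high", reasons  # notify the fraud team immediately
    return ("review" if reasons else "low"), reasons

if __name__ == "__main__":
    # Constructed sample call; the number is from a range reserved for fictional use.
    call = CallRecord("020 7946 0123", datetime(2025, 8, 28, 10, 0), "HMRC officer",
                      "Pay with gift cards today or you will be arrested")
    print(triage(call, [], ["+44 20 7946 0123"]))
```

Keyword matching only catches scripted wording, so a "low" result still needs the outbound callback to a verified HMRC number before any action is taken.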
Reporting and post-scam actions
Rapid and systematic reporting is crucial in limiting damage from HMRC scams and facilitating quicker investigations and resolutions. Banking contact centers should establish and communicate transparent reporting and documentation procedures to all employees.
Here’s an example of a reporting workflow to follow:
Immediate documentation
Record call details meticulously, including the caller’s number, time of the call, stated identity, and exact wording used by the caller.
Prompt internal notification
Escalate documented information of high-risk calls to your internal fraud management team without delay for further scrutiny and action.
Official reporting to HMRC
Use the official HMRC channels available via the HMRC manuals website to report fraudulent calls or phishing attempts.
Regular compliance audits and training
Conduct periodic reviews and compliance checks to help staff adhere to established reporting procedures and guidelines.
Safeguard your business from HMRC scams with Pindrop® Solutions
Protecting your banking, finance, or business contact center from sophisticated HMRC scams demands an advanced, layered approach.
Pindrop offers tailored fraud-detection and authentication solutions specifically designed to strengthen security and streamline authentication, helping protect your operations and customer relationships.
Pindrop® Protect
Receive near real-time fraud alerts and reduce your average handle time (AHT). Equip your agents with instant, actionable risk assessments, enabling them to quickly and more accurately identify fraud attempts. Learn more about Pindrop® Protect.
Pindrop® Passport
Transition away from outdated authentication methods. Implement seamless multifactor authentication that reduces friction for customers and agents while providing security. Learn more about Pindrop® Passport.
Pindrop® Pulse
Stay ahead of rapidly advancing deepfake scams. Pulse offers state-of-the-art detection for synthetic voice and video threats, enabling agents to identify and block sophisticated impersonation attempts in real time. Learn more about Pindrop® Pulse.
With proven results across financial institutions globally, Pindrop solutions help your organization proactively detect threats, save valuable agent time, and protect customer trust.
Don’t wait for fraud to impact your business. Take action now to secure your operations and customers.
Schedule a call with a Pindrop expert, and experience firsthand how our solutions can help safeguard your business from HMRC scams and beyond.