VAT phishing scams – Don’t let fraudsters steal your refunds

Blog, HMRC, Scam, SMEs / Business, Tax, VAT / 12 February 2025
Grunberg & Co > Newsroom > Blog > VAT phishing scams – Don’t let fraudsters steal your refunds

If you run a VAT-registered business, you could be a prime target for cybercriminals looking to commit VAT fraud.  

Scammers are using increasingly sophisticated phishing tactics to impersonate HM Revenue & Customs (HMRC), tricking businesses into revealing confidential information or unknowingly sending funds straight into fraudulent accounts. 

Fraudulent activity is on the rise, but by staying informed, you can protect your business from these scams. 

The latest VAT fraud scam – how does it work? 

One of the most damaging scams currently affecting businesses involves criminals submitting fraudulent VAT 484 forms to HMRC.  

These forms change a business’s bank details, meaning that VAT refunds, once processed, are deposited into the scammer’s account. 

These fraudsters often use phishing emails or texts to gather key business information before making the change.  

If you receive any unexpected requests related to your VAT registration, be cautious – it could be an attempt to defraud you. 

Other common HMRC-related phishing scams include: 

  • Fake tax refund notifications – Emails promising tax rebates to encourage users to share bank details. 
  • Threatening phone calls – Automated messages claiming HMRC is taking legal action unless immediate payment is made. 
  • Malware-laden links – Emails containing attachments that install viruses or ransomware on business systems. 

HMRC will never ask for sensitive financial details via email or text. If you receive a suspicious message, contact HMRC directly via their official channels. 

What can you do to stay safe? 

While phishing scams are evolving, so too are the measures businesses can take to protect themselves. The National Cyber Security Centre (NCSC) advises businesses to: 

  • Strengthen email security – Use spam filters and block fraudulent senders. 
  • Train your staff – Educate employees on recognising scam attempts and encourage them to report suspicious emails. 
  • Enable multi-factor authentication (MFA) – Protect key business accounts with an extra layer of security. 
  • Monitor VAT transactions – Regularly check VAT payments and refunds to ensure they are directed to the correct accounts. 

If you receive a suspicious email, forward it to phishing@hmrc.gov.uk. You can also report scam calls to HMRC through their official website. 

Scammers are relentless, but a well-informed business is much harder to target.  

By keeping security measures in place and staying alert to potential fraud attempts, you can prevent phishing scams from costing your business money and data. 

Need help verifying VAT communications? Get in touch with our team for expert advice. 

Awards and Accreditations

Sign up for our newsletter

If you would like to see full details of our data practices please visit our Privacy Policy and if you have any questions please email contact@grunberg.co.uk.

Head Office:

Grunberg & Co Limited
5 Technology Park
Colindeep Lane
London
NW9 6BX

Email:
Tel: +44 (0) 20 8458 0083
Fax: +44 (0) 20 8458 0783

About Us:

Meet The Team Corporate Social Responsibility Work for us Who we’ve helped Diversity and Inclusion

Our services:

Personal tax and wealth planning Starting out Growing businesses Audit Planning to exit International REANDA

Support

COVID-19 Support Hub Preparing for Brexit Newsroom Events & webinars Resource Centre Contact Us

© 2025 Grunberg & Co Limited T&Cs Privacy Policy Quality Policy Regulatory Information Copyright Accessibility Statement Cookies Sitemap
Designed by: JE Consulting

Get in touch

Get in touch

If you would like to see full details of our data practices please visit our Privacy Policy and if you have any questions please email contact@grunberg.co.uk.

x