What is it?

You’re convinced to make a payment or give your business’ financial details to someone claiming to be from an organisation you trust. This could include paying a fake HMRC bill or providing your business’s bank details to “your bank”.

Often these scams begin with a call, email or text message that appears to be from a trusted organisation. Criminals use a tactic called spoofing to make their call or text message appear genuine by cloning the number or sender ID which the organisation uses.

How to spot an impersonation scam

  1. You receive a call, text or email out of the blue with an urgent request to make payment or requesting your business’ financial information
  2. You’re asked to act immediately sometimes with the claim that “payments need to be verified” or to claim, “a pending tax refund”
  3. The caller may ask you to download software onto your computer
  4. The sender’s email address domain is different to that of the genuine organisation

Examples of impersonation scams

Pending tax refund

Jacob* received an email from what appeared to be from HMRC informing him his business was eligible for a tax refund, with a link leading to the “official claim application form”. He proceeded to click on the link and hurriedly filled out the form, not wanting to miss the stated deadline. Jacob failed to notice the email he received was in fact not from HMRC, with the link contained inconsistent with the official Gov.UK’s URL and the email addressing him as “Dear Customer” instead of using his full name. The form he had just completed was also fake.

A few days later, Jacob contacted HMRC using the number from their official website who informed him that he had fallen for a scam. He had also noticed transactions on the business’s bank statement that he didn’t recognise.

If only he had taken a moment to contact the organisation directly to validate the request.

Working from home

Daisy* had never worked from home before and was having trouble trying to connect to her broadband when a pop-up informing her that her computer had been infected by malware appeared on her screen. Panicking she called the helpline in the pop-up and was informed by the supplier that she needed to provide remote access to her computer by downloading software onto her computer in order to rectify the issue.

Once the download was complete and the remote access was granted, Daisy was asked to login to her online banking to pay a fee for the tech support services she had received, not realising that the criminal had already started to move money out of the business’s account.

*These case studies are based on insights from partners

If you believe your business has fallen for a scam, contact the bank immediately on a number you know to be correct, such as the one listed on the back of your business’s bank card.

Report it to Action Fraud on 0300 123 2040 or via actionfraud.police.uk. If you are in Scotland, please report to Police Scotland directly by calling 101 or Advice Direct Scotland on 0808 164 6000.

Always remember

You can forward potential scam emails to report@phishing.gov.uk

Avoid clicking on any links or attachments within emails or texts. If you receive any scam texts forward them to 7726

Contact your business’s bank or trusted organisations directly using a known email or phone number

Don’t give anyone remote access to your computer following a cold call or an unsolicited text or email

HMRC will never notify your business about tax refunds, penalties or ask for your business’s personal or financial information through emails, texts or phone calls. You can forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599.

If you’re unsure whether it’s a scam, check their guidance on recognising scams, and for more detail on reporting methods visit gov.uk.

If you have visited a website you think is suspicious you can report it to the National Cyber Security Centre.

Scam warning: Criminals may purport to be from Take Five, using our official branding on websites, social media posts, literature, on the phone or by text. Take Five doesn’t provide endorsement or approval for any products/services and would never call or text anyone.