HM Revenue & Customs (HMRC) reported over 170,000 phishing scam referrals in the 12 months to July 2025. While this represents a 12% drop on the previous year, HMRC continues to warn taxpayers and businesses to stay vigilant.
Today’s phishing scams are far more sophisticated than they once were. The days of poorly written emails full of spelling mistakes are largely gone. Modern scams often use professional branding, company logos, and even QR codes to trick you into clicking links, downloading attachments, or sharing personal information.
For business owners, the risks go far beyond inconvenience. Falling for a phishing attempt could lead to:
- Financial loss through fraudulent transactions
- Data breaches involving client or employee information
- Reputational damage that undermines trust with customers
Fortunately, the National Cyber Security Centre (NCSC) provides clear advice on spotting scams before it’s too late.
🚩 The Most Common Red Flags
Scam messages — whether by email, text, or phone — typically try to get you to act before you think. Look out for:
Authority – The message pretends to come from an official body such as HMRC, your bank, a solicitor, or your IT provider.
Urgency – Phrases like “Act now or your account will be closed” are designed to panic you into acting quickly.
Emotion – Fear (“you owe money”), excitement (“you’ve won a prize”), or curiosity (“view your confidential report”) are common triggers.
Scarcity – Limited-time offers, tax refunds that “expire soon”, or exclusive deals that push you to respond quickly.
Current Events – Scams tied to tax season, sporting events, or big news stories to appear more believable.
🔍 How to Verify a Suspicious Message
If something feels off, pause before clicking any links or opening attachments.
- Check official contact details – Visit the organisation’s website directly (not via links in the message) and compare phone numbers or email addresses.
- Know what HMRC will never ask for – They will never request passwords, PINs, or bank details over email or text.
- Verify phone calls – Hang up and call back using the official number from your bank statement, tax letter, or card provider.
🛡️ Make Your Business a Hard Target
A few preventative steps can dramatically reduce your risk:
- Limit public information – Review your social media privacy settings and avoid oversharing details scammers could use to impersonate you.
- Train your team – Staff awareness is key to preventing a breach.
- Enable multi-factor authentication – Add an extra layer of protection with login codes or authenticator apps.
- Keep systems updated – Apply security updates promptly on all devices.
✅ Final Thought
Phishing scams rely on panic and speed. By taking a moment to pause, verify, and think before acting, you significantly reduce the chance of falling victim. Educating your team and building good cybersecurity habits can save your business time, money, and stress.
For further guidance, visit the NCSC’s resource: Spotting Scams.
e: office@londonaccountants.co t: 0203 137 9791
Kind Regards,
The Team at London Accountants
