North East university students have been warned to beware of scammers offering fake tax refunds in an effort to steal money and personal details.
HM Revenue and Customs (HMRC) says the crooks are using seemingly legitimate university email addresses (for example ‘@uc.ac.uk’) in order to avoid detection.
This is the largest direct attack HMRC has seen on students with thousands of fraud attempts being reported in just a few weeks across the UK.
Durham and Newcastle Universitires are among those which have been particualrly trageted.
Financial Secretary to the Treasury, Mel Stride MP, said: "HMRC will never inform you about tax refunds by email, text or voicemail. If you receive one of these messages it is a scam. Do not click on any links in these messages, and forward them to HMRC’s phishing email address.
"Although HMRC is cracking down hard on Internet scams, criminals will stop at nothing to steal personal information. I’d encourage all students to become phishing aware - it could save you a lot of money."
Director of Action Fraud, Pauline Smith, added: "Devious fraudsters will try every trick in the book to convince victims to hand over their personal information, often with devastating consequences. It is vital that students spot the signs of fraudulent emails to avoid falling victim by following HMRC’s advice.
"Together with HMRC, we work tirelessly to stop fraudsters in their tracks and to prevent unsuspecting members of the public from falling victim to fraud."
HMRC is working with and encouraging all universities to raise awareness of scams and many have already begun taking action to warn their students of the risks.
Often HMRC related email scams spoof the branding of GOV.UK and well known credit cards in attempt to look authentic. The recipient’s name and email address may be included several times within the email itself.
Fraudulent emails and texts will regularly include links which take students to websites where their information can be stolen. Between April and September this year, HMRC requested that 7,500 of these phishing sites be deactivated. This compares to around 5,200 requests during the same period in 2017.