Phishing (Email Scams)
Phishing is a scam where bogus emails are sent to people in order to trick them into revealing personal or financial information. If an unwary person follows a link in the email, they will be taken to a fake web page, which will try to trick them into entering personal information such as a PIN, password, PPSN or bank account information. That information may be used in various ways, e.g. to apply for credit card in the person's name, or write cheques from their bank account.
Phishing emails may pretend to come from government departments such as Revenue, as well as banks, credit card companies and online shops. They may contain realistic-looking logos and official-sounding text. They may even carry a warning about phishing.
Note: Revenue will never send emails which require customers to send personal information via email or pop-up windows.
An example of a scam that has occurred here is an email, claiming to be from Revenue, informing the recipients that they were eligible to receive a tax refund. It offered a link to an online claim form, which asked for personal and financial information, including bank account details where the promised refund would supposedly be credited.
Note that your email address can often be found from publicly available sources, or randomly generated. Therefore if you receive a fake email that appears to be from Revenue, this does not mean that your email address, name or any other information has been gathered from Revenue's systems.
If you receive an email purporting to be from Revenue and you suspect it to be fraudulent or a scam please forward it to email@example.com. Alternatively, you can contact your tax district to check the status of any refund that may be due. You can get your district's details by using the contact locator and your PPS Number.
SMS fraud - Smishing
'Smishing' is the name given to fraudulent schemes whereby you are sent an SMS (text message) containing a link to a fraudulent website or a phone number in an attempt to collect personal information.
Smishing attacks, whereby people are sent a text message with links to a fake website that look similar to the Revenue website have been reported.
Please remember that Revenue never send unsolicited text messages.
If you receive an unsolicited text message purporting to be from Revenue with a link to a website you should ignore it.
Secure Web Pages
Pages on www.revenue.ie which request personal information, such as the Contact Locator, are encrypted using a 128 bit SSL certificate signed by Verisign, valid until 9th August 2015. You can verify that the page is secure by looking for a padlock icon in your browser, as well as a range of visible signs. Some common examples are shown below.
Internet Explorer 8
Internet Explorer 9
Revenue has implemented a secure email system to securely send and receive email messages, for which you can enrol via the Online Services section of the website. In this system, emails are encrypted, so that even if they are accessed by others, they cannot be read without your password. We recommend using the secure email system for any communication that includes personal or confidential information.
Standard (non-secured) Email
Revenue does not recommend sending personal or confidential information by email. Email is sent via public networks, and can be intercepted and read unless it is protected with encryption. Please note that Revenue cannot guarantee that any personal and sensitive data, sent in plain text via standard email, is fully secure. Customers who choose to use this channel are deemed to have accepted any risk involved. The alternative communication methods offered by Revenue include standard post and the secure email service referred to above.
On meeting with taxpayers, Revenue officers in the exercise of powers on outdoor duty are required to identify themselves, show their official Revenue issued Identity Card and state the purpose of the meeting. Officers should also provide business cards showing the address and telephone number of their office and the taxpayer should use this information to confirm the bona fides of the officer.