Security

Revenue.ie and myAccount

ISO Certification

Revenue's internet facing sites are ISO27001 certified.

Phishing (email scams)

Phishing is a scam where bogus emails are sent to trick you into revealing personal or financial information. A link in the email will take you to a fake web page, which will request personal information such as your:

  • PIN
  • password
  • Personal Public Service Number (PPSN)
  • bank account information.  

This information could be used to apply for a credit card or write cheques in your name. 

Phishing emails may appear to come from: 

  • government departments (such as Revenue)
  • banks
  • credit card companies
  • online shops. 

They may contain realistic logos and official-sounding text. They may even carry a warning about phishing.

Note: 

Revenue will never send emails which require customers to send personal information via email or pop-up windows.

A common scam is an email, apparently from Revenue, claiming that you are eligible for a tax refund. It contains a link to an online claim form, requesting your personal or financial information, including bank account details.

This type of email does not mean that any of your information has been gathered from Revenue's systems. Email addresses can be found in publicly available sources, or generated randomly.

If you receive a suspicious email purporting to be from Revenue, please
forward it to webmaster@revenue.ie. You can contact your Revenue office to check the status of any refund that may be due.

Smishing (SMS fraud) 

'Smishing' is a scam where you are sent an SMS (text message) containing a link to a fraudulent website or phone number. The sender is attempting to collect personal information.

Please remember that Revenue will never send unsolicited text messages. If you receive an unsolicited text message purporting to be from Revenue, ignore it.

Secure web pages

All pages on the Revenue website that request personal information are encrypted. This encryption uses a 128 bit EV SSL certificate signed by COMODO, valid until 18 July 2018. 

You can verify that the page is secure by looking for a padlock icon in your browser. For more information, please see Secure Web Pages in Further Guidance.

MyEnquiries

Use Revenue’ secure online facility ‘MyEnquiries’ for any communication that includes personal or confidential information. 

You can access MyEnquiries through: 

  • Revenue Online Service (ROS), if you are registered for ROS
  • myAccount, if you are registered for myAccount or have an existing PAYE Anytime PIN.

Standard (non-secured) email

You should not send personal or confidential information to Revenue by email. Email is sent through public networks, and can be intercepted and read unless it is protected with encryption. 

Revenue cannot guarantee that any personal or sensitive data, sent in plain text through standard email, is fully secure. Anyone opting to use this channel is deemed to have accepted any risk involved. 

To send personal or sensitive information to Revenue you should use either:

  • myAccount
  • standard post.

Personal contacts

Revenue officers, in the exercise of powers on outdoor duty, are required to: 

  • identify themselves
  • show their official Revenue issued Identity card
  • state the purpose of the meeting. 

Officers should provide business cards showing the address and telephone number of their office. This information can be used to confirm that the officer is who they say they are. 

Next: Revenue Online Service (ROS) security