Security and myAccount

ISO Certification

Revenue's internet facing sites are ISO27001 certified.

Phishing (email scams)

Phishing is a scam where bogus emails are sent to people to trick them into revealing personal or financial information. If you follow a link in the email, you will be taken to a fake web page, which will try to trick you into entering personal information such as:

  • a PIN
  • password
  • Personal Public Service Number (PPSN)
  • bank account information.  

This information could be used to apply for a credit card or write cheques in your name. 

Phishing emails may appear to come from: 

  • government departments (such as Revenue)
  • banks
  • credit card companies
  • online shops. 

They may contain realistic logos and official-sounding text. They may even carry a warning about phishing.


Revenue will never send emails which require customers to send personal information via email or pop-up windows.

A common scam is an email, apparently from Revenue, claiming the recipient is eligible for a tax refund. It contains a link to an online claim form, which asks for personal or financial information, including bank account details.

If you receive a scam email apparently from Revenue, it does not mean that your email address, name or any other information has been gathered from Revenue's systems. Email addresses can often be found in publicly available sources, or generated randomly.

If you receive a suspicious email purporting to be from Revenue, please
forward it to Alternatively, you can contact your Revenue office to check the status of any refund that may be due.

Use the Contact us and your Personal Public Service Number to find the contact details of your Revenue office.

Smishing (SMS fraud) 

'Smishing' is the name given to fraudulent schemes in which you are sent an SMS (text message) containing a link to a fraudulent website or phone number. The sender is attempting to collect personal information.

Please remember that Revenue will never send unsolicited text messages.

If you receive an unsolicited text message purporting to be from Revenue you should ignore it.

Secure web pages

Pages on the Revenue website that request personal information, such as Contact Us and ROS, are encrypted using a 128 bit EV SSL certificates signed by COMODO, valid until 18 July 2018. 

You can verify that the page is secure by looking for a padlock icon in your browser. For more information please see Secure Web Pages in Further Guidance.


Use Revenue’ secure online facility ‘MyEnquiries’ for any communication that includes personal or confidential information. 

You can access MyEnquiries through: 

  • ROS (if you are registered for ROS)
  • myAccount (if you are registered for myAccount or have an existing PAYE Anytime PIN).

Standard (non-secured) email

You should not send personal or confidential information to Revenue by email. Email is sent through public networks, and can be intercepted and read unless it is protected with encryption. 

Revenue cannot guarantee that any personal or sensitive data, sent in plain text through standard email, is fully secure. Anyone opting to use this channel is deemed to have accepted any risk involved. 

To send personal or sensitive information to Revenue you should use either:

  • myAccount
  • standard post.

Personal contacts

On meeting with taxpayers, Revenue officers in the exercise of powers on outdoor duty are required to: 

  • identify themselves
  • show their official Revenue issued Identity card
  • state the purpose of the meeting. 

Officers should also provide business cards showing the address and telephone number of their office. This information can be used to confirm the bona fides of the officer. 

Next: Revenue Online Service (ROS) security