Revenue writes to taxpayers who have been the target of fraudulent texts

Revenue regularly reminds taxpayers that it never sends text messages (SMS) requiring the provision of personal information via links, pop-up windows, reply text or email. These reminders are issued by Revenue because of the ongoing circulation of a number of ‘scam’ text messages, purporting to come from Revenue, that contain a link to a fraudulent website which seek personal information from taxpayers. These texts do not come from Revenue, they are in fact from fraudsters.

Today (28/5/2020), Revenue confirmed that it has written to approximately 3,000 taxpayers advising them that, as a result of information provided by them as part of a recent scam, personal details held in the user profile of their Revenue myAccount may have been accessed by the fraudsters.

Revenue’s Chief Information Officer, John Barron, explained that:

“Revenue constantly monitors for suspect online activity on all its services and takes action as soon as such activity comes to light. For example, where potential phishing websites are detected, we immediately seek to have them taken offline by reputable hosting services.”

“Following an investigation by Revenue’s IT Department into this latest scam, we are contacting approximately 3,000 taxpayers to make them aware of our concerns that their personal details may have been accessed, the possible serious implications for them and to set out some practical things they can do to minimise the extent of any fraud perpetrated against them.”

Mr Barron stated that:

“it is important to note that the security of Revenue’s systems has not been compromised in any way. However, the nature of this particular type of scam has led to some taxpayers unwittingly compromising the security of their personal myAccount profile details by providing information such as their PPSN, Date of Birth and myAccount password to fraudsters. This occurred after the taxpayer clicked on a link, in a text sent by fraudsters, which purported to be the RevenuemyAccount’ log-in screen.”

“If the details provided after clicking the link are valid, the fraudsters then use these details provided by the taxpayer to access the taxpayer’s myAccount user profile screen. At this stage they may be able to obtain further information including potentially bank details where the taxpayer has recorded these with Revenue.”

Mr Barron confirmed that:

“in order to mitigate any further threat to the accounts that could have been potentially compromised, we are now contacting each of the taxpayers by letter informing them of possible fraudulent activity that may have affected their account. The letter notifies the taxpayer that Revenue has temporarily deactivated their myAccount access and advises them of important next steps they should follow.”

Finally, Mr Barron summarised some key advice for taxpayers to protect themselves from scams and fraud:

“The important things for taxpayers to remember are:

  • Revenue never contacts customers via text messages seeking personal information.
  • Anyone who receives such a text message, purporting to be from Revenue, should delete it immediately.
  • When using Revenue’s online services always access them through our website.
  • Never provide your myAccount password if requested to do so.
  • Never provide the answers to your myAccount security questions if requested to do so.
  • Revenue already has your relevant information on file and never asks for these details to be provided via links, pop-up windows, reply text or email."

Sample letter to taxpayers

[Ends 28/05/2020]