Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week: University Students Targeted with HMRC Phishing Emails

HMRC student phishing scam

HM Revenue and Customs (HMRC) have warned students across the UK to be cautious after a rise in phishing emails designed to steal their money and personal details.

Fraudsters are targeting students with a range of different scams, including sending fake tax refunds from what appears to be an official university email address.

Using seemingly legitimate university email addresses such as ‘’, the crooks can evade detection and successfully trick the user into believing they are receiving authentic correspondence from the university.

The emails include the branding of HMRC, and the recipient’s name is mentioned several times throughout the email to add further weight to the fraudulent message.

If the student clicks on the link within the email, they are directed to a phishing website where they are instructed to enter their personal details alongside their banking information.

The fraudsters will then use the data to steal money from the victim’s bank account or they’ll sell the information on to other criminals.

Over 620,000 tax-related email scams were reported to HMRC last year, up 20,000 on the previous year.

Students, particularly freshers, are proving to be a very attractive target for these types of phishing scams due to the wealth of information they receive about university courses, log-in details, and events taking place across campus.

The crooks will methodically do their research and slip well-crafted phishing emails in amongst legitimate university correspondence in the hopes of tricking vulnerable students.

Some of the more common scams targeting students include:

  1. Student Loans Phishing Scam: Students will receive an email from the Student Loans Company (SLC) asking for their password and financial details to ensure that their student loans arrive on time. The emails will include the SLC branding and may appear to resemble official communications from the company. However, the SLC would never request this information in an email.
  2. Rental Fraud: According to Action Fraud, £22 million was lost to rental fraud between 1 April 2014 and 31 March 2018, with an average of £1,396 lost per victim. Students looking to rent a property are asked to pay a fee in advance for a property that doesn’t even exist.
  3. Money Laundering: Students will typically be coerced into letting someone use their bank account to move money from criminal accounts. As part of the deal, they will be allowed to keep some of the money for themselves. This can prove an attractive way for some cash strapped students to make some extra money, however, the penalties for money laundering are severe and could result in a lengthy prison sentence.
  4. Job Scams: Students with limited job experience are frequently targeted with fake recruitment posts. They will be asked to complete bogus application forms that request personal and financial details as well as supplying copies of identity documents such as a drivers licence or passport.

To deal with the onslaught of scams that are being used to target them, HMRC has provided some advice to students on how they can avoid being scammed:

  • Genuine organisations such as banks and HMRC will never contact you out of the blue to ask for your Pin, password or bank details.
  • Do not give out private information, reply to text messages, download attachments or click on links in emails you were not expecting.
  •  Forward suspect emails claiming to be from HMRC to and texts to 60599.
  • Check for information on how to avoid and report scams and to recognise genuine HMRC contact.
  • Contact your bank immediately if you believe you have submitted card details to a scammer and report to Action Fraud if you suffer financial loss

MetaCompliance has created extensive Cyber Security awareness solutions, including content specifically focused on the education sector to address the unique threats faced by students. Our targeted training courses cover a broad range of topics including: Everyday Cyber Security threats, essential phishing awareness, student safety, the different scams used to target students, dangers of malicious software, emails essentials, securing mobile devices, laptop security, and how to stay safe on social networks.

To find out more about our extensive range of courses or to arrange a free demo, contact

Further Reading

How Universities can protect themselves from Cyber Attack

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations