HM Revenue & Customs

VAT registered businesses warned to be vigilant against elaborate VAT scam involving bank details

by Berthold Bauer on April 22, 2024

We have been made aware that scammers are targeting VAT registered businesses, by diverting repayments into alternative bank accounts.

The fraud involves either getting access to the Government Gateway account of the VAT registered organisation, or submitting form VAT 484 and changing the legitimate bank details to that of the fraudsters.  Then, once a repayment return is submitted and verified by HMRC, the repayment will be released into the account details held by HM Revenue & Customs – which are now those of the criminals.


How will I know if I’m a victim of this fraud?

In many cases, you won’t – until it’s too late (i.e. you notice the repayment didn’t hit the bank account).

If there is a change to the VAT registration details of the organisation (such as address, bank details, etc) HMRC should(!) write to VAT registered businesses to confirm a change has been made.  The letter will be vague (it won’t say what the change is), but if you have not notified HMRC of a change, receiving this letter should raise concerns and be investigated.


Aren’t there processes in place to stop this?

HMRC should verify bank details (such as checking the name on the account matches the VAT registered business name), but this type of fraud is very sophisticated, and it is possible that some such attempts have been be successful.

What can we do to protect ourselves?

Organisations must be vigilant with their data, and follow internal protocol to protect themselves as far as possible.

Our top tips:

  1. Check the organisation’s details are up to date, including bank details, email addresses, business address, phone numbers, etc. If details have been changed, or there is anything unusual, report it to HMRC immediately and change the Government Gateway password.
  2. Update the organisation’s “authorised signatory” list with HMRC. Remove anyone who no longer has authority to make decisions on behalf of the organisation.
  3. Keep log-in details confidential – there is a lot of data on the HMRC portal, some of it incredibly sensitive. HMRC accounts should only be accessed by those who have a genuine business need.
  4. Periodically change your HMRC passwords (avoiding moving to the next sequential number!). Especially relevant when someone who knows the details has moved on or no longer needs access.
  5. If something doesn’t feel right, investigate it. Better safe than sorry!


Got a burning VAT question? Email our free VAT helpline at

Share this post:
Berthold BauerVAT registered businesses warned to be vigilant against elaborate VAT scam involving bank details

Related Posts

Take a look at these posts

Join the conversation