Written by Sean Maguinness

Marketing Executive

While scams are a risk for everyone, students can be particularly vulnerable. As a generation that spends more time online and engages more in the unregulated world of cryptocurrency, students are more susceptible to a new wave of phishing attacks and online investment fraud. 

Donald Wooller, Customer Protection Lead at HM Revenue and Customs (HMRC) Security, explains: 

  • What is ‘phishing’?
  • The two stages of a phishing attack (seen regularly by HMRC)
  • Signs students can look for to identify an HMRC-branded phishing scam
  • Reporting an HMRC-branded phishing attack

Detective Sergeant Chris Buckingham from the National Fraud Intelligence Bureau (NFIB) at the City of London Police follows by exploring new forms of investment fraud that target students, including: 

  • What is investment fraud and why are students targeted?
  • Types of investment fraud and the role of social media 
  • Fake endorsements for students to be aware of 
  • How to report fraud and financial crime to the police

What is ‘phishing’?

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal their personal information.

Phishing is one of the most pervasive and persistent forms of cybercrime, with HMRC receiving up to 1 million phishing reports in some 12-month periods. 

Often in the form of an email, phishing scams can pose as a reputable company to make individuals part with their personal and financial information. While phishing is most often associated with emails, it can also come in the form of a text (SMiShing) or over the telephone (vishing).  

Any students who spend a lot of time online can be vulnerable to phishing scams, especially when they come HMRC-branded.

What is an HMRC-branded phishing attack?

An HMRC-branded phishing attack is where a criminal purports to be HMRC, to hijack the tax authority’s credibility, recognition and authority. 

According to HMRC, students can avoid being caught out by familiarising themselves with the process of a phishing attack. These attacks often come in two stages.

The two stages of a phishing attack (seen regularly by HMRC)

Stage 1: a malicious email is sent to a potential victim

When a student receives an email from HMRC asking for financial information, there are a few signs to look out for when determining whether the email is genuine.

Firstly, when scammers pose as HMRC, the email will often take the form of a ‘tax refund’, targeting a victim who might not have had a job previously and might therefore be unfamiliar with the tax system and so more likely to pass over their details to get the refund. 

A malicious link is often attached to encourage the victim to complete a form to ‘get their money back’. From there, the victim is redirected to a fake HMRC tax page. 

Unfortunately, in filling in these forms, the victim unwittingly passes their private financial information on to the criminal.


Stage 2: How a victim’s data is used and spread by criminals

If a student has provided their personal and financial information in response to a phishing email, they should be aware that several things can happen to the data they have provided. 

In many phishing cases, the victim’s data will be spread amongst multiple criminals: 

  • The first criminal (the sender of the phishing email) will most likely use the financial information to take money from the victim’s account
  • From there, the criminal can also sell that information on the dark web to other criminals who may use it for different forms of identity theft
  • In other cases, some phishing emails contain malware that can lead to fraudsters being able to scrape more personal data from the victim as they log onto other private accounts online on the same device

Criminals that produce phishing kits

There are a further group of criminals who profit from phishing scams. Those who send out phishing emails are not always the people who create ‘phishing kits’.

These kits are a set of software tools and code that enable fraudsters to construct and launch phishing attacks. 

The criminals that create these kits make a profit from selling them as a Software as a Service (SAAS) to other criminals. 

In certain cases, these criminals will write code into the phishing kit’s software so that any information taken during another criminal’s scam can be circulated back to them.

Signs students can look out for to identify an HMRC-branded phishing scam

Example HMRC-branded phishing email:

Here are a few things for students to look for so they can discern a scam from genuine HMRC correspondence. 

  • Email address: Students should always start with the email address and take a moment to see whether the email matches an official HMRC email address. Here, it is clear that ‘’ is not an HMRC email and should be treated with suspicion 
  • Strange subject line and bad grammar: Next, looking at the subject line and body of the email for mistakes and grammar errors can be a good way to differentiate between a phishing attack and real HMRC correspondence 
  • Out-of-date branding: If the email has any branding or an email signature, the student should check it alongside the HMRC website. Any branding that is not up to date with current HMRC branding is another cause for suspicion 
  • A link that doesn’t go directly to the GOV.UK website: If a student has missed the signs in the email and clicks a link that brings them to a redirect page instead of directly to GOV.UK HMRC pages, the student should leave the page immediately and not provide any of their personal information

Phishing through social media

Fraudsters also use social media as another avenue for phishing scams. While the platforms being used for the phishing attack may be different, the packaging of the scam will often be the same as over email – promising the student a time-limited financial reward if they hand over their personal financial information. 

Students should be suspicious of social media outreach that promises a ‘get rich quick scheme’ in exchange for personal financial information. 

What, in the short term, can seem like a good risk to take for a potential financial reward can, in the long term, lead to a serious impact on the student’s credit score if it is part of a phishing attack.

Reporting an HMRC-branded phishing attack

HMRC works hard to keep its customers safe by giving them routes for reporting phishing attacks. To help fight these crimes, students should:

  • Forward suspicious emails to
  • Forward texts claiming to be from HMRC to 60599
  • Report tax scam phone calls on GOV.UK  
  • Contact your bank immediately if you think you’ve lost money to a scam, and report it to Action Fraud (in Scotland, contact the police on 101) 

It can be hard for students to report these scams as there can be a feeling of shame and embarrassment associated with being ‘caught out’. 

However, it’s important to help students move away from this stigma, not only so that they can get support themselves if they’ve fallen victim to a scam, but also to help HMRC take down malicious sites and phone numbers and build a larger picture of these scams to reduce future crime. 

Thanks to those using HMRC’s reporting services, HMRC has seen: 

  • Almost 25,000 phishing sites/telephone numbers removed from the public domain between April 23 and March 23 
  • 97% reduction in telephone tax scam reports

What is investment fraud and why are students targeted?

Investment fraud: The illegal activity of providing false information to someone so that they will invest in something. 

Detective Sergeant Chris Buckingham from the National Fraud Intelligence Bureau (NFIB) at the City of London Police explains different forms of investment fraud and how they can be used to target students online. 

According to the NFIB, there have been over 370,000 reports of investment fraud in the past 13 months alone, with over £4 billion worth of reported losses. But there has been a shift when it comes to the age demographics that make up that number. 

Traditionally, a middle-aged demographic would have been more vulnerable to investment fraud because they would have been more likely to have ‘money to spend’ on investments than the younger generation. The price of what would constitute an average investment was also much higher. 

Nowadays, there is a much lower price of entry, as £50-£100 can constitute an investment, making it easier than ever for young people to start investing. There are also new ways to invest online, which appeal to a younger audience.

How the cost of living crisis makes students more susceptible to scams

Students are struggling with money now more than ever, with almost 9 in 10 students (87%) saying they’re worried about their finances.

With the cost of living crisis making everything more expensive and interest rate raises adding to their student debt, students could be more willing to take a ‘punt’ on an investment if it could help them cover rising costs.

Who is most at risk in the student community?

Out of 5,039 reports of investment fraud identified by the NFIB (28% of all investment and pension reports), the average loss was £13,675 (but 63% reported £5k or less). 

Males under 30 are most at risk of investment scams, according to the NFIB, with most victims aged 19-25 years old. This is supported by the findings of Student Money & Wellbeing, which found that male students* are more likely to engage in higher-risk financial activity than their female counterparts on average.

Types of investment fraud and the role of social media

Social media allows fraudsters to extend their investment scams to a younger demographic. Instagram is the most common social media platform for these scams, coming up in 35% of the NFIB’s reports.

While investment advertising used to be done through glossy investment brochures aimed at middle-aged audiences with disposable income, now it takes place on social media, targeting a younger demographic with less to spend.

Investment scams on social media will often also have an element of ‘get rich quick’ – offering a deal or purchase with a time limit. This can be a ploy from scammers to manipulate potential victims into making impulsive choices rather than taking the time to think. Stay wary of any opportunity that comes with a time limit attached.

‘Education’ style investment fraud

There has been a recent rise in the ‘education sector’ of investment scams. This is when a fraudster will pose as an investing mentor. Often making contact with potential victims through social media and offering to ‘teach’ them how to invest.

Criminals will then offer to trade on their victim’s behalf, asking for access to their computer, installing remote access tools and continuing to install different types of applications from there.

Cryptocurrency fraud

Cryptocurrency is currently the most common commodity in investment scams, making up 45% of the NFIB’s reports. The fact that cryptocurrency is unregulated creates a good opportunity for fraudsters to take advantage. 

It’s also a commodity that is regularly advertised on social media. On platforms like Twitter, where the value of different types of crypto ‘coins’ are constantly being discussed, it isn’t hard for fraudsters to manipulate the narrative and reach out to a younger audience.

Romance and dating investment fraud 

Social media has also allowed investment fraud to crossover and blend with other types of fraud. For example, as meeting people over social media has become more common and dating apps more popular, investment fraud can now also blend into romance and dating fraud. 

This usually takes place when one party in the relationship advertises a certain investment opportunity to another, which ultimately becomes a scam. 

With today’s young people having regular contact online before meeting in person, students should stay extra vigilant when speaking to a stranger who begins to advertise some sort of joint venture or business opportunity online.

Celebrity and influencer endorsements

Fraudsters will often look to weave celebrity endorsements into their scams, especially those with the trust of a younger audience. 

For example, scammers often leverage Elon Musk’s endorsements of cryptocurrency to gain buy-in from a younger group of victims. 

Or, in some cases, endorsements are used by celebrities who have never made them in the first place, with Dragons Den panellists Deborah Meaden and Peter Jones being used to endorse bitcoin falsely. 

Celebrities like Martin Lewis have made public statements to make it clear they ‘don’t do ads’ to help their followers avoid scammers. However, these statements can still be easy to miss for students who don’t follow these public figures closely.

How to report fraud and financial crime to the police

In summary: top tips to help students avoid scams

From the City of London Police: Be vigilant

Be Vigilant

Whenever possible, students are encouraged to do as much research as they can when considering investing. Especially when interacting with unregulated forms of investing like cryptocurrency. 

If staff and students want to be aware of the most prevalent forms of fraud, here is the police’s public dashboard: fraud statistics.


For staff, it is essential to de-stigmatise the feeling of shame a student could feel after getting tricked by a fraudster.

Students can also take the option to report a scam anonymously by following the process outlined here: Action Fraud.

From HMRC: Be alert


Even a brief pause can be the difference between being scammed and not. If unsure, call back on a genuine number or visit GOV.UK. To learn more about dealing with HMRC fishing scams, click here.


It’s ok to reject, refuse or ignore any requests – only criminals will try to rush or panic you. Search ‘scams’ on GOV.UK information.


Report suspicious contact on GOV.UK or to Or, to learn more about HMRC scams, click here.

Watch the recording

Watch the recording from our CPD-accredited staff training webinar on scams staff need to be aware of with expert speakers Donald Wooler, from HMRC security, and Detective Sergeant Chris Buckingham, from the NFIB.

More info

You can download the slides from the webinar here.

Don’t forget to sign up to our staff email newsletter to get all the latest blogs, news and updates to help you support students and their financial wellbeing.

*When referring to males and females throughout this report, this is in reference to people who chose to identify as either male or female at the beginning of the survey

Staff newsletter

Subscribe to get all the latest blogs, resources and updates


By entering your email you agree to sign up to the Blackbullion staff newsletter and receive email communications from Blackbullion. We never spam! You can unsubscribe at any time. Your data will be handled as detailed in our Privacy Notice.

Interested in becoming
a Blackbullion partner?

Choose a time that works for you to speak to a member of our team for a chat or a live demo.

Book a call

Download info pack

Get your copy of the PDF that summarises what we do, which you can share with colleagues.

Download now

Send us a message

Ask any questions you may have and we’ll get back to you as soon as possible.

Get in touch