Revenue fears that up to 3,000 taxpayers have given bank and personal details to fraudsters trying to steal cash by offering people fictional tax refunds.
People have been receiving texts in recent weeks telling them they are due tax refunds and inviting them to open a link to a website which seeks their personal details.
The site is a fraudulent one. A Revenue spokesman explained it was designed to get people’s bank account details and access to their cash.
Revenue has written to 3,000 taxpayers warning them that it has closed their online tax accounts because they may have given this information to the website.
The letter, from Nuala Larkin, Revenue customer service manager, warns taxpayers that their "Revenue MyAccount service may have been accessed by fraudsters, cybercriminals or scam artists".
It also confirms that Revenue never contacts clients by text. “To mitigate any further threat to your personal information, Revenue has temporarily deactivated your MyAccount access,” Ms Larkin writes.
She adds that to regain access, taxpayers should change their passwords. Revenue also recommends that they check recent bank and credit card transactions.
The letter says they should contact their bank to inform them of the fraud, and the Department of Employment Affairs and Social Protection, as they may need to change their Personal Public Service number (PPSN).
Ms Larkin points out that the fraudsters then go on to use these details to get access to the victim’s bank account.
She adds that if any of those targeted provided credit card details in response to a request from the website, then the fraudsters also had this information.
“That was not a message from Revenue even though it was probably made to look like it was from us. It was from fraudsters.”
Revenue letter
John Barron, Revenue's chief information officer, said it wrote to the taxpayers following an investigation of the fraud.
“The nature of this particular type of scam has led to some taxpayers unwittingly compromising the security of their personal MyAccount profile details by providing information such as their PPSN, date of birth, and MyAccount password to fraudsters,” he added.
Mr Barron stressed the security of Revenue’s own systems had not been compromised in any way.
He warned that anyone receiving a text message supposedly from Revenue seeking personal information should delete it immediately.
The official added that taxpayers should access Revenue’s online services only through its website, while they should never provide their account password or security questions if requested to do so.
“Revenue already has your relevant information on file and never asks for these details to be provided via links, pop-up windows, reply text or email,” Mr Barron said.