Thursday, May 21, 2026

This scammer is really getting on my nerves


There are several strong signs this could be a phishing or scam email impersonating a tax authority, styled after both Lembaga Hasil Dalam Negeri (LHDN) Malaysia and HM Revenue & Customs (HMRC).


Here are the red flags:

- Wrong / mixed terminology: Malaysia’s tax authority is usually referred to as LHDN or IRBM, not “HMRC” (which is the UK tax authority: HM Revenue and Customs).

- The email mixes “Akta Kastam 1967” and “Akta Cukai Pendapatan 1967” strangely in one notice.

- Suspicious short link: ....bttlib [dot] s [dot] gy... is highly suspicious. Government agencies in Malaysia normally use official domains such as hasil [dot] gov [dot] my and mytax [dot] hasil [dot] gov [dot] my. Shortened links are commonly used in phishing attacks to hide the real destination.

- Generic formatting: the letter lacks an official reference number, taxpayer/company name, tax file number (TIN), assessment number, branch office details, and formal letterhead. Real audit notices are usually far more structured.

- Pressure tactics: “7 working days” plus threats of enforcement are common social engineering tactics to induce panic and rushed action.

- Odd signature block: the inclusion of an IC number (“No. KP”), apparently the Director General's, in this manner is unusual for official correspondence. Government emails typically contain department contacts, official extension numbers, and verifiable office information.

- Language inconsistencies: “Penalti Pentadbiran Cukai”, “Pendapatan boleh cukai kurang dilaporkan”, “Bayaran kurang bagi PCB”. These are technically plausible phrases, but the overall composition reads more like copied/generated text than a formal assessment notice.

What you should do immediately:

- Do NOT click the link.
- Do NOT download attachments.
- Do NOT reply.
- Check directly via the official tax portal: MyTax Portal, LHDN Official Website.
- Call LHDN directly using numbers from the official website only.

Additional safety steps:

- Hover over the sender’s email address and inspect the real domain.
- Check email headers for spoofing.
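
As an added example (not part of the original post), this Python function runs the sender-domain, header-spoofing and link checks described above on a raw email. Only `hasil.gov.my` and `s.gy` come from the post; the sample message, its `.example` addresses and the `placeholder.s.gy` link are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL = ("hasil.gov.my",)   # official domain named in the post (covers mytax.hasil.gov.my)
SHORTENERS = ("s.gy",)         # shortener domain of the link quoted in the post

def under(host, domains):
    # True if host equals, or is a subdomain of, one of the listed domains.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg, findings = message_from_string(raw), []
    sender = domain_of(msg["From"])
    if not under(sender, OFFICIAL):
        findings.append(f"From domain is not official: {sender}")
    bounce = domain_of(msg["Return-Path"])
    if bounce and bounce != sender:
        findings.append(f"Return-Path domain differs from From: {bounce}")
    # Only trust an Authentication-Results header added by your own mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        result = m.group(1) if m else "missing"
        if result != "pass":
            findings.append(f"{check}={result}")
    text = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for host in sorted(set(re.findall(r"https?://([a-z0-9.-]+)", text, re.I))):
        if under(host, SHORTENERS):
            findings.append(f"shortened link hides destination: {host}")
        elif not under(host, OFFICIAL):
            findings.append(f"link to non-official host: {host}")
    return findings

# Constructed sample message (not the real email from this post).
SAMPLE = """\
From: "LHDN Audit" <notice@tax-notice.example>
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=mailer.example;
 dkim=none; dmarc=fail header.from=tax-notice.example

Sila semak dalam 7 hari bekerja: http://placeholder.s.gy/notice
Portal rasmi: https://mytax.hasil.gov.my/
"""
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

An empty result only means none of these specific checks fired; it does not prove the message is genuine.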

If anyone clicked the link:

- Change passwords immediately.
- Enable MFA/2FA.
- Run antivirus scans.
- Monitor bank and tax accounts.

Final Verdict: It's a SCAM
