Security

Revenue.ie

ISO certification

Revenue's internet facing sites are ISO27001 certified.

Phishing (email scams)

Phishing is a scam where bogus emails are sent to trick you into revealing personal or financial information. A link in the email will take you to a fake webpage which will request personal information such as your:

  • PIN
  • password
  • Personal Public Service Number (PPSN)
  • bank account information.

This information could be used to apply for a credit card or write cheques in your name.

Phishing emails may appear to come from:

  • Government departments such as Revenue
  • banks
  • credit card companies
  • or
  • online shops.

They may contain realistic logos and official-sounding text. They may even carry a warning about phishing.

Note

Revenue will never send emails which require customers to send personal information via email or pop-up windows.

Your myAccount password allows access to your records. Please keep your sign-in details and password secure and do not disclose them to anyone.

A common scam is an email, apparently from Revenue, claiming that you are eligible for a tax refund. It contains a link to an online claim form requesting your personal or financial information, including bank account details.

This type of email does not mean that any of your information has been gathered from Revenue's systems. Email addresses can be found in publicly available sources or generated randomly.

Smishing (SMS fraud)

'Smishing' is a scam where you are sent an SMS (text message) containing a link to a fraudulent website or phone number. The sender is attempting to collect personal information.

Please remember that Revenue will never send unsolicited text messages. If you receive an unsolicited text message purporting to be from Revenue, ignore it.

Secure web pages

All pages on the Revenue website that request personal information are encrypted. You can verify that the page is secure by looking for a padlock icon in your browser. For more information, please see  Further guidance.

MyEnquiries

Use Revenue’ secure online facility ‘MyEnquiries’ for any communication that includes personal or confidential information.

You can access MyEnquiries through:

  • Revenue Online Service (ROS), if you are registered for ROS
  • or
  • myAccount, if you are registered for myAccount or have an existing PAYE Anytime PIN.

Standard (non-secured) email

You should not send personal or confidential information to Revenue by email. Email is sent through public networks, and can be intercepted and read unless it is protected with encryption.

Revenue cannot guarantee that any personal or sensitive data, sent in plain text through standard email, is fully secure. Anyone opting to use this channel is deemed to have accepted any risk involved.

To send personal or sensitive information to Revenue, you should use either:

  • myAccount
  • or
  • standard post.

Personal contacts

Revenue officers, in the exercise of powers on outdoor duty, are required to:

  • identify themselves
  • show their official Revenue issued Identity card
  • and
  • state the purpose of the meeting.

Officers should provide business cards showing the address and telephone number of their office. This information can be used to confirm that the officer is who they say they are.

Next: myAccount and Two-Factor Authentication (2FA)