Blog Archive

Sunday, 5 September 2010

UK Tax debacle becomes target for phishers

Over the next few months, workers in the UK may be informed they can expect a tidy payout or a demand for money, after it was revealed that up to 6 million people have been paying the wrong amount of tax.

As you might expect, scammers have been quick to jump on the payout bandwagon. Here’s an email that dropped into one of the spamtraps yesterday:

From: serviceAThmrc.gov.uk [hmrcATglobalnet.co.uk]
Subject: Please Submit Your Tax Refund

Dear Applicant:

Following an upgrade of our computer systems and review of our records we have investigated your payments and latest tax returns over the past years, our calculations show you have made over payments of 302.25GBP Due to the high volume of refunds you must complete the online application.

Your refund may take up to 6 weeks to process please make sure you complete the form correctly.

In order to process your refund you will need to complete the attached application form.

Note: If you are using Internet Explorer please allow ActiveX for scripts to perform all data transfers securely .

-----------------------------------------------------------------------------
Regards,
HM Revenue & Customs

The email directed me to hmrc(dot)gov(dot)uk(dot)refundhmrc(dot)com/refund(dot)php. The website has since been pulled, but you can guarantee a lot more will be springing up. Here’s the site in question:

fake hmrc site
Click to Enlarge

The website asks for a comprehensive chunk of information including full name, address, DOB, phone number and mother’s maiden name. It also prefills a “Tax file number”, which pops up here in a phishing email from 2009.

Additionally, it seems we can expect the usual deluge of spam mail with infectious attachments so be careful what you’re opening – the UK tax office DOES NOT send out random emails asking for personal information such as the above. Tax refund scam mails have been popular for a long time, but in the current climate of “our tax office has screwed up in spectacular fashion” it seems phishers will be giving it some serious attention.

Christopher Boyd

No comments:

Post a Comment