OFFICIAL SECURITY BLOG
December 10, 2013 | BY Christopher Boyd
If you pay taxes in the UK, please be aware that scammers are currently sending fake HMRC tax refund attachments via email. Here’s the email complete with attachment:
The text reads as follows:
From: HM Revenue & Customs [mailto:refund-taxAT@hmrc.gov.uk]
Sent: 09 December 2013 21:18
Subject: Submit Your Tax Refund
Following an upgrade of our computer systems and review of our records we have investigated your payments and latest tax returns over the last seven years our calculations show you have made over payments of GBP 323.56 Due to the high volume of refunds due you must complete the online application, the telephone help line is unable to assist with this application.
In order to process your refund you will need to complete the attached application form.
Your refund may take up to 3 weeks to process please make sure you complete the form correctly.
To access your tax refund, please follow the steps below:
– download the Tax Refund Form attached to this email
– open it in a browser
– follow the instructions on your screen
HM Revenue & Customs
The info requested from the scammers includes full name, address, date of birth, card number, sort code, account number, telephone, verification code and more.
Once the victim has filled everything in, they’re encouraged to press the “Submit informations” button. One would hope the typo would be enough to raise suspicion in some, but of course it won’t save everybody.
The scammers here are really quite precise with regard to the information they’re after. Make a mistake, leave a section blank or type something not to their liking, and…
The form does this for everything: type more or fewer than the 16 digits of a credit card number, and it’ll tell you to go back and fix it. Put letters into the phone number? You’ll have to go back and fix it. Make a mess of the sort code / account number? You’ll have to… you guessed it… go back and fix it.
Here’s the full list of “You’ve been a very naughty boy” from the code:
Hitting the submit button sends the information via form to a .biz URL which appears to be compromised.
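As an added illustration (not code from the original post), here is a small Python check a mail gateway could run over an HTML attachment like the one described above: it flags a form whose action posts to a host outside the claimed sender’s domain while asking for card and bank details. The sample HTML and the .invalid host are constructed placeholders standing in for the real form and its .biz URL.

```python
"""Flag HTML e-mail attachments that behave like the fake HMRC refund form.

Defender-side heuristic: a <form> whose action posts to a host that is not
the domain the mail claims to come from, combined with input fields that ask
for card or bank details. Relative actions (no host) are not flagged.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Field-name fragments a genuine tax refund would never request by e-mail.
SENSITIVE_FIELDS = ("card", "sort", "account", "cvv", "verification", "dob", "birth")


class FormInspector(HTMLParser):
    """Collect form action URLs and the names of data-entry fields."""

    def __init__(self):
        super().__init__()
        self.actions = []   # every <form action="...">
        self.fields = []    # every named <input>/<select>/<textarea>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])
        elif tag in ("input", "select", "textarea") and a.get("name"):
            self.fields.append(a["name"].lower())


def is_external(url: str, claimed_domain: str) -> bool:
    """True when the URL's host is neither the claimed domain nor a subdomain of it."""
    host = urlparse(url).hostname
    return bool(host) and host != claimed_domain and not host.endswith("." + claimed_domain)


def inspect_attachment(html: str, claimed_sender_domain: str) -> dict:
    """Return the external actions, sensitive fields and an overall verdict."""
    p = FormInspector()
    p.feed(html)
    external = [u for u in p.actions if is_external(u, claimed_sender_domain)]
    sensitive = sorted({f for f in p.fields if any(k in f for k in SENSITIVE_FIELDS)})
    # Verdict: data leaves the claimed domain AND at least two financial fields are requested.
    return {"external_actions": external, "sensitive_fields": sensitive,
            "suspicious": bool(external) and len(sensitive) >= 2}


# Constructed sample modelled on the post's description; not the real attachment.
SAMPLE_HTML = """<html><body><h1>Tax Refund Form</h1>
<form method="post" action="http://compromised-host.invalid/submit.php">
 <input name="fullname"> <input name="dob"> <input name="card_number" maxlength="16">
 <input name="sort_code"> <input name="account_number"> <input name="verification_code">
 <input type="submit" value="Submit informations">
</form></body></html>"""

if __name__ == "__main__":
    print(inspect_attachment(SAMPLE_HTML, "hmrc.gov.uk"))
```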
HMRC have some advice for those unlucky enough to be sent a phishing mail on their Reporting a Phish page. The golden rule:
Scammers will often send victims malware attachments instead of a phishing mail, so it pays twice over to steer clear of random tax refund emails.
A few weeks before the holidays begin is not a good time to have your bank account cleaned out by a tax phish Scrooge.
Christopher Boyd (Thanks to Dom for sending this over)