OFFICIAL SECURITY BLOG
March 31, 2014 | BY Jovi Umawing
Seasons always indicate the beginning of something, and more often than not, new beginnings can bring about some expected danger.
April 6 is a significant date for people in the UK as it marks another cycle of the British Personal Tax year.
Phishers know about this, too, and didn’t waste time in spamming fake emails purporting to be from HMRC to recipients who may or may not fall for their trick.
A tax phish may be a good hook, but it could also work against the scammers because potential victims may already be on the lookout for them. Below is a sample of the campaign we found in the wild:
The contents of this email and any attachments are confidential and as applicable, copyright in these is reserved to HM Revenue & Customs. Unless expressly authorised by us, any further dissemination or distribution of this email or its attachments is prohibited.
We announce you: After the last annual calculation ofyour fiscal activity we have determined that you are eligible to receive a tax refund of 438.65 GBP.
You have attached the tax refund form with the TAX REFUND NUMBER ID: 381721763, complete the tax refund form attached to this message.
To access your tax refund, please follow the steps bellow:
– download the Tax Refund Form attached to this email
– open it in a browser (recommended mozilla firefox or google chrome)
– follow the instructions on your screen
After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.
Our head office address can be found on our web site at HM Revenue & Customs: http://www.hmrc.gov.uk
HMRC Tax Credit Office
TAX REFUND ID: UK381721763-HMRC
Similar to the phishing campaign we found at the end of last year, this one also has an HTML file for an attachment:
In addition to name, DOB, address / city, postcode, account number, card number, expiry date and security code, the phishers are also asking for any Verified by Visa password and an estimated tally of the balance on the card.
Both of these will come in very handy when asked for additional identification depending on what they’re trying to get up to.
A quick Google search on the supposed tax refund ID of “Miss Donnelly” shows that this particular email has been appearing occasionally on inboxes since 2012.
Tax refunds are a common subject for fakes and phishes. Learn to spot the signs.