Phishing Scam Strikes HMRC

Websense - a firm that monitors the Internet - is warning that a phishing scam spoofing HMRC (HM Revenue & Customs) is making malicious rounds. HMRC orchestrates the tax system of Britain.

The report states that spam mails are being circulated that promise tax compensation to the recipients and leading them onto the HMRC site through a web link. The recipients are then requested for their full name along with their contact address as well as credit card number so that the compensation can be credited to their account. But on providing the details, the scammers quickly harvest them for selfish gains. The web link mentioned, in reality, takes the user to a rather convincing but fraudulent site that is hosted in Denmark.

Said the bogus e-mail, based on the previous annual computation of the recipient's fiscal activity, it has been determined that he/she is entitled for a tax compensation of £99.23. Therefore, the recipient needs to submit his/her request for the tax compensation whose processing would be done within 3-6 days, the message concludes.

Websense pointed out that the phony website makes use of the same graphics and style-sheet like the actual one that makes it tough to distinguish the two sites.

The firm also stated that it has notified HMRC about the fraud and has temporarily stopped the site's access to users.

Meanwhile, security experts said, the site might cause confusion, as the filing of tax returns in the UK has been fixed at this year (2009) end. They also advised that Internet users maintain up-to-date antivirus software, which, according to them, is the most effective way to keep the fraudsters away.

Furthermore, a spokesman of HMRC said that the e-mail message was a sophisticated effort to commit Internet fraud. Also, the office is making a close liaison with those bodies making efforts to nab and prosecute the culprits of the scam, the spokesman said.

Additionally, HMRC informed on its site that it never notifies tax refunds over e-mail or ask taxpayers to provide credit card or bank details.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 1/13/2009