‘Tax Refund’ Phishing Campaign Targets HMRC Taxpayers
According to the latest news obtained on security, phishers, once again, are attacking taxpayers of HMRC (Her Majesty's Revenue and Customs) through a phishing campaign, just unleashed.
Reportedly, in the freshly introduced phishing scheme, citizens are getting uninvited e-mails, which state that based on the recipient's latest yearly computations of his financial transactions, HMRC has found that there is a tax reimbursement due for him. Thus, the user needs to submit a request for the reimbursement and let HMRC 6-9 days as the time for processing the same.
After this, the e-mails tell the recipients that there could be a delay in the reimbursement owing to various reasons such as submitting incorrect information or applying beyond the closing date.
Finally, the e-mails direct the recipients to click a given web-link so that they can access the request submission form.
But when the link is clicked, the recipients are asked to enter their private information like full name, birth date and e-mail address. Once this is done, the e-mail declares the refund sum as 209.40 pounds but asks for more personal details like residence address and payment card number.
However, the phishing message, which is sophisticatedly designed and well written together with the HMRC's logo and other complete information, shows numerous spelling errors that clearly indicate that the e-mail is spurious.
Meanwhile, on learning about the e-mail fraud, HMRC detached itself from it as well as said that the e-mail was an attempt to commit Internet fraud and hence anyone getting such e-mails must be careful not to answer them or submit any of their private details. Belfasttelegraph.co.uk published this on June 11, 2009.
The agency further said that previously too several e-mail scams were unleashed that used the name of HMRC but actually all were from phishers. Hence, the recent phishing scam wasn't anything exceptional to HMRC.
Thus HMRC advised citizens that if at anytime they received an e-mail that they suspected to be a phishing message then instead of clicking any given link or revealing any detail as a way of response, they must send the e-mail to HMRC's address at firstname.lastname@example.org.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 18-06-2009