UK Taxpayers Receive Fake E-mails Offering Tax Compensation

Phishers are reportedly trying to dupe British taxpayers into revealing their personal information by running an e-mail scam. The fake e-mails that pose as messages from the HMRC (Her Majesty's Revenue & Customs) present actual contact details so that they may appear authentic.

One typical e-mail informs the recipient that after the yearly calculation of his fiscal transactions, it has been found that he is entitled to get a tax compensation of 283.23 GBP and for that he needs to fill in an attached payment form. Notably, the messages do not have wrong spellings and use convincing and formal language.

Further, the scammers have incorporated warnings and security advice into the e-mails to sound credible. For instance, they say that users should shutdown their browser post the session's completion or that inaccurate inputs would be criminally pursued.

The attachment, named payment_form.pdf.html deceives by posing as a PDF file, whereas it actually represents an HTML web-page. For a user who opens the page, a form is displayed that asks to provide information like birth date, credit card number, CVV2 code and expirations date, all of which could be manipulated for fraudulent activities.

Rik Ferguson, Solutions Architect at Trend Micro, observes that the messages arrive wholly with the right e-mail id of the Tax Credit Office at Preston, UK, along with a helpline number for any query regarding the tax refund, as reported by SoftPedia on July 6, 2009.

Mr. Ferguson further says that an analysis of the e-mails shows that an American template is used for the online form that is evident from the format of the phone number. Moreover, the HTML code shows that the web-form utilizes style sheets that have been adopted from www.irs.gov, Ferguson adds.

Meanwhile, the country's Trading Standards officials are suggesting that the e-mails' recipients should not fill in the form or return it. According to the tax office, the e-mails clearly represent a scam since HMRC never informs citizens about tax refunds via e-mail. Also, the scam e-mails can be easily recognized with the hmrc.co.uk suffix they use in their address rather than hmrc.gov.uk.

Related article: US Passes Baton to Asia in Spam Relay

» SPAMfighter News - 7/24/2009