Trusteer Warns of Phishing Scams Targeting HMRC

According to the security vendor 'Trusteer,' an e-mail scam is making rounds on the Internet to exploit tax refund from Her Majesty's Revenue & Customs (HMRC).

Mike Boodaei, CEO of Trusteer, stated that such kinds of phishing or spoofed e-mail scams were two times more effective for cyber criminals compared to the usual bank phishing e-mails, as reported by Infosecurity on February 1, 2010.

Trusteer also reveals that the free cash lure convinces a lot of online users to slacken the security of their systems.

Explaining the phishing scheme, the company states that it begins with taking of victim to a look-alike HMRC web-page. There he is asked to follow his bank's logo by hitting the button among those indicated for 5-10 UK banks. But on doing so the victim lands on a fake site which impersonates the bank. There he is asked to login.

Boodaei states that there has been a constant rate of HMRC related phishing assaults throughout 2009. Nearly one in every 3 financial-based fraudulent e-mail assaults in Britain is related to HMRC.

According to the CEO, cyber criminals are generating these assaults with the help of automated tools. Consequently, it is easy for them to generate numerous assaults in a short period of time.

According to Trusteer, on account of several reasons, cyber criminals consider HMRC as the most appropriate target for phishing. First - it lets them create one web-page and dispatch a single e-mail targeting several banks simultaneously. The method is seriously effective for doing things, notes the security company. Secondly - a lot of Internet users aren't aware of how to pursue web-links for their bank's site. Consequently, an e-mail from HMRC appears rather unsuspicious. Thirdly and lastly, not much awareness has been spread regarding the dangers associated with spurious HMRC e-mails.

Finally, the security company says that taxpayers should know that HMRC or any other institution collecting tax such as the Internal Revenue Service won't ever contact taxpayers through e-mail, unless a citizen himself contacts them likewise. Additionally, users are advised that they should treat arbitrary rebate offers with suspicion.

Related article: TRUSTe Certified Websites May Still Contain Malware

» SPAMfighter News - 2/9/2010