MX Lab Intercepted New Trojan Distribution Campaign Emulating HMRC
A new Trojan e-mail campaign impersonating the UK's renowned tax agency, HMRC (Her Majesty's Revenue & Customs), was recently spotted by security experts at MX Lab, as published by softpedia.com on 18th December, 2013.
According to MX Lab researchers, the e-mails appear to come from employers' @alerts.hmrc.gov.uk, carry the subject line "HMRC Employer Alerts & Verification", and thank the recipient for his registration details, which are said to have been recorded only for the purpose of email alerts. The recipient is told that HMRC anticipates sending him three alerts yearly, in February, May and December. These emails will give him links to the latest Employer Bulletin and HMRC PAYE Tools (previously the Employer CD-ROM).
The recipient is also instructed to complete all appropriate sections of the application form that comes as an attachment and to attach suitable documents to corroborate his identity.
In an attempt to sound genuine, the malicious email also reads: "Do not reply to this email as this mailbox is unmonitored for incoming mail."
The file attached to the email is not an application form but a malicious PDF (Portable Document Format) document that releases the malware. Currently, the Trojan is identified by only 5 of the 49 anti-virus solutions available on VirusTotal, notes MX Lab.
Experts note that all details submitted with the fake form will be gathered by cybercriminals and can be used for identity theft and credit card fraud.
HMRC dissociated itself from the ongoing email campaign and noted that it never sends emails of any type asking recipients to complete attached forms (as in the above case) or to disclose personal or payment information by email.
The experts highlight that, to reduce the chances of falling victim to such swindles, recipients should never open any attachments that arrive with an email like the one discussed above.
Moreover, HMRC is not the only tax agency to have been targeted by cyber crooks recently: in November 2013, the Embassy of the US to Barbados, the Eastern Caribbean and the OECS warned people that a phishing scam purporting to be from the IRS (Internal Revenue Service) had emerged.
» SPAMfighter News - 28-12-2013