Tax credits result in phishing attacks

Coupled with the fact that the 31st of July is also an important date for the payment of income tax, Trusteer says that many parents will now be filing in the hope of an extra tax credit.

The danger now, says Trusteer, is that tax credit filers will click on unsolicited emails that look as though they might have been sent by HMRC, and in doing so, may end up infecting their home or office computers.

"Back in February we warned online banking users of phishing and malware infections stemming from emails offering internet users a tax refund. And given that such phishing emails are twice as successful as bank phishing attacks, cybercriminals have realised that an email with HMRC in its message header is a lot more attractive to recipients", said Mickey Boodaei, Trusteer's CEO.

In addition, he says, it's likely that hackers will exploit this interest in tax credits and tax refunds generally, with a rash of infected emails and/or messages with links to infected websites.

"In a recent analysis by Trusteer of a UK specific botnet containing the details of over 10,000 people, we discovered that the botnet operators are actively looking for login information for the HMRC website, as the information found to have been collected by the criminals included HMRC logon credentials and passwords", he said.

"There are various tax and VAT-related scams that fraudsters can run against you once they have access to your HMRC login information", he added.

According to Trusteer, whose browser plug-in software is offered for free by a number of UK online banks, the Rapport software can report attack vectors to subscribing banks, as well as being capable of monitoring attack trends and informing banks of the main threats their customers are facing over time.

Boodaei says that tax credit and HMRC refund phishing emails dangle the 'carrot' of free cash at internet users, and persuade them to lower their normal guard.

Then, when they see a choice of bank sites from the 'HMRC landing page', they click on the link and immediately start entering their bank and other personal details.

The net result of this is not, he says, a credit to the recipient's bank account, but usually a fraudulent debit, or series of debits, by which cybercriminals empty the account.
