New HMRC refund phishing scam detected

22 May 2012

Every year our tax details are evaluated by HMRC. Every year, a lucky few get tax refunds; and every year, at that time, the scammers come out to take advantage.

Bitdefender has detected a new HMRC refund phish, version 2012. It comes in the form of an email complete with an HMRC logo. “After the last annual calculation of your fiscal activity,” it states, “we have determined that you are eligible to receive a tax return of : £209.87”

The scam appeals to at least three of the great human motivators: fear (who isn’t afraid of HMRC?); trust (who doesn’t trust HMRC?); and greed (who doesn’t want £200 effectively for nothing?). The phish comes in the attachment: “To receive your return, please complete and submit the Tax Return Form attached to this email...”

But as often happens in scams, the scammer gets some of it wrong. In this instance the logo is reassuring, the spelling is correct, and the grammar acceptable (although the month of 'May' is written 'may'). But the terms are wrong. Tax ‘returns’ are what we complete; tax ‘refunds’ or ‘rebates’ are what the lucky ones receive. Errors like these should put us on our guard. But if they don’t, and we foolishly open and complete any attachment, “cyber criminals have access to the vital banking and personal information required for identity fraud or the fraudulent access and emptying of victims’ bank accounts,” says Bitdefender.

“With over three million UK citizens expected to start receiving tax refund payouts from now until October,” said Catalin Cosoi, chief security researcher at Bitdefender, “there is clearly a large audience which could be duped by this convincing phishing scam. The scam is more intelligent than ever before and capable of bypassing many traditional antivirus systems. We advise the public to disregard emails claiming to offer a tax rebate and ensure they have an effective security solution in place.”

That is exactly the advice given by the real HMRC: “HM Revenue & Customs (HMRC) will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email. Do not visit the website contained within the email or disclose any personal or payment information.”
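The indicators described above (an HMRC claim, a refund offered by email, 'return' used for money received, and a form attached for completion) can be checked mechanically. The following triage sketch is an added example, not code from Bitdefender or HMRC; the sample message is constructed from the quoted wording, and its addresses, subject, attachment name and type, and the rule names are assumptions.

```python
import re
from email import message_from_bytes, policy

# Constructed sample built from the wording the article quotes; addresses,
# subject and the attachment's name and type are assumptions.
SAMPLE = """\
From: HM Revenue & Customs <refunds@example.invalid>
Subject: Tax refund notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

After the last annual calculation of your fiscal activity, we have determined
that you are eligible to receive a tax return of : £209.87
To receive your return, please complete and submit the Tax Return Form
attached to this email.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<html><body><form></form></body></html>
--b1--
""".encode("utf-8")

RULES = {
    "claims_hmrc": re.compile(r"\bHMRC\b|HM Revenue", re.I),
    "refund_offer": re.compile(r"eligible to receive|tax (refund|rebate)", re.I),
    # Returns are filed, not received: the wording slip the article points out.
    "return_misused": re.compile(r"receive (a|your) (tax )?return", re.I),
    "form_request": re.compile(r"complete and submit", re.I),
}

def triage(raw: bytes) -> list:
    """Return the sorted names of the indicators found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    text, hits = [str(msg["From"] or ""), str(msg["Subject"] or "")], set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())
    blob = " ".join(" ".join(text).split())  # undo line wrapping before matching
    hits.update(name for name, rx in RULES.items() if rx.search(blob))
    return sorted(hits)

def is_suspect(raw: bytes) -> bool:
    # HMRC says it never notifies of rebates by email, so the claim plus the offer suffices.
    hits = triage(raw)
    return "claims_hmrc" in hits and "refund_offer" in hits
```

The sender's display name is trivially forged, so these rules serve as a mail-gateway or mailbox triage signal alongside sender authentication results, not as a replacement for them.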
