The spam appears to come from HM Revenue and Customs at easyupdate -at- hmrc.gov.uk. It's headed "HMRC - Notification Letter #7747" and, fortunately, its addressee field shows "undisclosed recipients" - which in Mozilla's Thunderbird is usually an indicator of a spam shot.
The letter has a couple of grammatical mistakes but, unfortunately, in the UK's Civil Service, where even some of its PR officers struggle with the basics of the language, poor English is no longer a reliable indicator of authenticity or otherwise.
the mail says " You received a Tax Refund on your Visa or MasterCard. Complete the form, and get your Tax Refund. *(Your refund amount is £203)* _Download and fill out the form attached to this email_ © 2013 - HM Revenue & Customs. All rights reserved"
Attached is an html file which takes users to a tmp directory at /tamaspiros.co.uk.
There is a form which asks for name, address as listed for the account, the card holder name, date of birth, again address, town, "Province / County" (the UK does not have provinces so no HMRC form would include this item), phone number.
Then it asks for Debit Card information, saying that the refund will be made to a debit card (HMRC does not do this - it credits bank accounts), the account number, sort code, the debit card number, expiry date and the security code. Basically, the only thing not asked for are answers to common telebanking security questions.
The simplicity of the message and the fact that the form, when opened, automatically imports HMRC logos so as to look official make this a "Likely to succeed" fraud.
Monday, June 17, 2013
Phishing is a taxing issue
Tax credits claimants in Wiltshire are being warned by HM Revenue and Customs (HMRC) in the run-up to the renewal deadline about scam or “phishing” emails sent out by fraudsters.
During last year’s tax credits renewals period, from April to July, nearly 22,000 phishing emails were reported to HMRC.
Although the department worked with other agencies to shut down more than 147 scam websites during the period, others continue to be created.
Phishing emails often promise money back and, if the recipient clicks on a link, they are taken to a fake replica of the HMRC website. They are then asked to provide credit or debit card details or other sensitive information such as passwords. The fraudsters then try to take money from their account.
Money may be stolen from victims’ bank accounts, or their personal details can be sold to criminal gangs, leading to possible identify theft.
If someone believes that they have been the victim of an email scam, they should report the matter to their bank or credit card issuer immediately. Anyone in doubt should check with HMRC at hmrc.gov.uk/security/fraud-attempts.htm
During last year’s tax credits renewals period, from April to July, nearly 22,000 phishing emails were reported to HMRC.
Although the department worked with other agencies to shut down more than 147 scam websites during the period, others continue to be created.
Phishing emails often promise money back and, if the recipient clicks on a link, they are taken to a fake replica of the HMRC website. They are then asked to provide credit or debit card details or other sensitive information such as passwords. The fraudsters then try to take money from their account.
Money may be stolen from victims’ bank accounts, or their personal details can be sold to criminal gangs, leading to possible identify theft.
If someone believes that they have been the victim of an email scam, they should report the matter to their bank or credit card issuer immediately. Anyone in doubt should check with HMRC at hmrc.gov.uk/security/fraud-attempts.htm
Subscribe to:
Posts (Atom)