UK ECONOMIC

Monday, June 17, 2013

Taxation: UK's HMRC used as hook for phishing fraud

The spam appears to come from HM Revenue and Customs at easyupdate -at- hmrc.gov.uk. It's headed "HMRC - Notification Letter #7747" and, fortunately, its addressee field shows "undisclosed recipients" - which in Mozilla's Thunderbird is usually an indicator of a spam shot.

The letter has a couple of grammatical mistakes but, unfortunately, in the UK's Civil Service, where even some of its PR officers struggle with the basics of the language, poor English is no longer a reliable indicator of authenticity or otherwise.

The mail says: "You received a Tax Refund on your Visa or MasterCard. Complete the form, and get your Tax Refund. *(Your refund amount is £203)* _Download and fill out the form attached to this email_ © 2013 - HM Revenue & Customs. All rights reserved"

Attached is an HTML file which takes users to a tmp directory at /tamaspiros.co.uk.

The form asks for name, address as listed for the account, the card holder name, date of birth, address again, town, "Province / County" (the UK does not have provinces, so no HMRC form would include this item) and phone number.

Then it asks for debit card information, saying that the refund will be made to a debit card (HMRC does not do this - it credits bank accounts): the account number, sort code, the debit card number, expiry date and the security code. Basically, the only things not asked for are answers to common telebanking security questions.

The simplicity of the message and the fact that the form, when opened, automatically imports HMRC logos so as to look official make this a "Likely to succeed" fraud.
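The indicators described above (undisclosed recipients, an HTML attachment whose form posts away from the claimed sender's domain, and card or bank fields) can be checked mechanically at a mail gateway. The following is an added example, not part of the original post; the sample message is constructed, the form host `collector.example.invalid` is a placeholder, and the field names and keyword list are assumptions.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the mail described above; form host is a placeholder.
SAMPLE = """\
From: HM Revenue and Customs <easyupdate@hmrc.gov.uk>
To: undisclosed-recipients:;
Subject: HMRC - Notification Letter #7747
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="form.html"

<img src="http://www.hmrc.gov.uk/logo.gif">
<form action="http://collector.example.invalid/tmp/post.php" method="post">
<input name="cardnumber"><input name="cvv"><input name="sortcode"></form>
--b1--
"""
SENSITIVE = ("card", "cvv", "security", "expiry", "sort", "account")  # assumed keywords

class FormScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []  # form action URLs, input names
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input":
            self.fields.append((a.get("name") or "").lower())

def triage(raw):
    """Return the indicators from the write-up that are present in a raw message."""
    msg = email.message_from_string(raw)
    # The From header is only the *claimed* sender; it is compared, not trusted.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = ["undisclosed-recipients"] if "undisclosed" in msg.get("To", "").lower() else []
    for part in msg.walk():
        if part.get_content_type() != "text/html" or not part.get_filename():
            continue  # only HTML attachments are inspected
        scan = FormScan()
        scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        hosts = {(urlparse(u).hostname or "").lower() for u in scan.actions}
        found += sorted("form-posts-off-domain:" + h for h in hosts
                        if h and h != domain and not h.endswith("." + domain))
        if any(k in f for f in scan.fields for k in SENSITIVE):
            found.append("card-or-bank-fields")
    return found
```

The remote HMRC logo in the sample is deliberately not treated as an indicator, since loading genuine logos is exactly what makes the form look official.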
