Tax Deadlines Create Spikes in Scam Trend Lines
It never fails, as a tax season rolls around whether it be in the United States or Europe, the scams surrounding them really ramp up. Yesterday was no different as we saw a decent sized campaign roll into our filters pretending to be from the HMRC. Seeing as though the HM Revenue & Customs deadline for filing for your tax return is no later than midnight January 31st, the race is on. The scammers see this as an opportunity to possibly catch some people slipping even though this most recent scam is targeting people who are already expecting a refund. This scam unfolds as many do, as an email spoofed to appear as being sent from the HMRC. They have apparently recalculated your return and have discovered that they owe filers a refund of about 244.79 GB. All that is needed is for recipients to open the zipped attachment and follow the instructions. That is after they have to double click once again on the enclosed .HTML document entitled "Tax.Refund.New.Message.Alert.HTML".
If recipients do indeed open this document they will be treated to an .html page that could fool some viewers into believing that they have ended up on a page from the actual HMRC site, even though this is completely local on the victims' machines. The phishing form is your run of the mill variety, with better than average graphics that request all sorts of personal information from the recipient in order to "process their refund". This information includes but is not limited to: Mother's Maiden Name and complete credit card information including CVV.
It doesn't help that most filing of taxes is done online in today's world, in fact, the HMRC will only accept paper tax submissions in very specific situations nowadays. Though they continue to urge taxpayers that the "HMRC will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email. If you have received an email claiming to be from HMRC that you suspect may be fraudulent, please forward it to email@example.com." User education and vigilance is very important in today's cyber world, and AppRiver is here to help. We have all known variants of this campaign locked away and out of your inboxes.