Tax Deadlines Create Spikes in Scam Trend Lines

It never fails, as a tax season rolls around whether it be in the United States or Europe, the scams surrounding them really ramp up. Yesterday was no different as we saw a decent sized campaign roll into our filters pretending to be from the HMRC. Seeing as though the HM Revenue & Customs deadline for filing for your tax return is no later than midnight January 31st, the race is on. The scammers see this as an opportunity to possibly catch some people slipping even though this most recent scam is targeting people who are already expecting a refund. This scam unfolds as many do, as an email spoofed to appear as being sent from the HMRC. They have apparently recalculated your return and have discovered that they owe filers a refund of about 244.79 GB. All that is needed is for recipients to open the zipped attachment and follow the instructions. That is after they have to double click once again on the enclosed .HTML document entitled "Tax.Refund.New.Message.Alert.HTML".

If recipients do indeed open this document they will be treated to an .html page that could fool some viewers into believing that they have ended up on a page from the actual HMRC site, even though this is completely local on the victims' machines. The phishing form is your run of the mill variety, with better than average graphics that request all sorts of personal information from the recipient in order to "process their refund". This information includes but is not limited to: Mother's Maiden Name and complete credit card information including CVV.

Once the information is entered, some javascript runs to make sure that the information entered matches proper formats required such as date structure and known credit card algorithms, and once this test is passed, the info is shipped off to the attackers and the victims are redirected to the actual HM Revenue & Customs website hopefully in their eyes, none the wiser. Several informational links at the bottom of this form also lead to the legitimate HMRC site to add to the deception.

It doesn't help that most filing of taxes is done online in today's world, in fact, the HMRC will only accept paper tax submissions in very specific situations nowadays. Though they continue to urge taxpayers that the "HMRC will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email. If you have received an email claiming to be from HMRC that you suspect may be fraudulent, please forward it to phishing@hmrc.gsi.gov.uk." User education and vigilance is very important in today's cyber world, and AppRiver is here to help. We have all known variants of this campaign locked away and out of your inboxes.