Phishing attack targets HMRC data loss victims

gallery

Security firm McAfee said it has discovered a phishing attack which appears to target the victims of last year's massive HM Revenue and Customs (HMRC) data breach.

In November of last year, the government admitted that two discs had gone missing in the post containing the records of 25 million child benefit recipients. The records included bank details, insurance numbers and addresses.

Today, McAfee said it has found a phishing attack which offers the email recipient the opportunity to claim a refund of £215 from HMRC - but clicking the link takes the user to a suspect site. Phishing scams impersonate real organisations in the hopes of getting people to disclose personal information.

The attack doesn't seem to use any of the information held on the discs, however, and is merely taking advantage of the news coverage surrounding the breach and playing to people's fears, said Toralv Dirro, security expert in McAfee's Avert Labs.

"I don't think they have the data, as they wouldn't have to do phishing then," explained Dirro. "But because so many records have been lost, it's likely they're taking advantage."

The suspicious site has since been taken down.

Dirro said it's likely the first attack using HMRC, but not the last. The American tax service has frequently been targeted, leading McAfee to belive this has been spurred by HMRC's recent data security troubles. "Now that we've seen this first time attempt, there's always copycats," said Dirro. "We're fairly certain we'll see more copycats in the next couple weeks."

Dirro said the attack was fairly unique in that the offending website was based in Germany, compared to more common locales of China and Russia. As well, the site was a legitimate one which had been hacked. "It appears it was a benign web page which had been hacked into - that's a little bit rare," said Dirro.

He said that suggests the phishers were not particularly sophisticated, as the professionals tend to have their own server setups to keep the site live for longer. "Maybe in this case, it wasn't real professionals, but a possible first-time attempt," he said.

Greg Day, McAfee security analyst, agreed. "Recent high profile data loss incidents have left the public more vigilant about handing over information that has any link to HMRC, so this may not be the most thoroughly considered phishing attack," he said.

But he added that this attack was standard in that it offered free and easy money as bait. "This phishing attack has echoes of traditional get rich quick scams, preying on the desire to be compensated for the government losing their data, but people must learn that there really is no such thing as free money," Day said.

Email to a friend

Print this page