HMRC website targeted by phishing attacks
By Asavin Wattanajantra
Consumers and businesses are being targeted by phishing emails that pretend to be from HMRC and try to get users to enter confidential credit card details.
Potential victims would receive an email claiming to be from Her Majesty’s Revenue and Customs (HMRC) and offering a link that purports to be from HMRC but in fact points to a page hosted on a Chinese website.
The page would be identical to the HMRC website and would prompt you to enter your full name, date of birth and so on. If you followed it through to the section that asks about giving you a tax refund, it would ask for your credit card details and, when the process was finished, send you to the real HMRC website.
“The only thing that would arouse any suspicion would be the actual address at the top of the website, which would clearly be from a Chinese domain,” said Paul Wood, senior analyst for MessageLabs, who discovered the attack.
“If you are looking at the information, that should raise alarm bells straight away. There have been more sophisticated attacks with techniques to hide [the address] so it wouldn’t be difficult to make this more convincing.”
MessageLabs said the attacks took place over a three-day period starting from 30 June, with 33,000 emails addressed mainly to UK recipients. Wood said that the attacks were very similar to spoofing attacks in the US at the beginning of the year, which followed the same tax return pattern.
“The HMRC attacks had a remarkable resemblance to the attacks we had already seen targeting the US, so much so that the content of the message was identical.”
Wood said the nature of the phishing suggested that criminals were using a kit which could ‘screen scrape’ the website so they had a landing page which they could use to conduct the phishing attack.
It also looked like they were using the same email templates they had used for the previous US attack. Wood said: “It means they are raising the bar when it comes to phishing attacks.
“You don’t have to be technically advanced to do this. You could take one of these toolkits and do it yourself by pressing the right buttons, which will do the job for you.”