Tax rebate scams get sophisticated

2 Mar, 2011

Hackers get more savvy with their tax rebate scams.

Hackers have upped their game with tax rebate scams, using more sophisticated and automated techniques, a security firm has reported.

Previously, cyber criminals carried out their scams manually, laboriously creating fake websites and attempting to dupe users through spam emails.

However, hackers have now managed to drastically reduce the time it takes to carry out these tax rebate attacks, Imperva said.

From a user’s perspective, not much is different. They receive a phishing email telling them they are in line for a tax rebate and need to follow a link to receive money they are purportedly owed.

The link will then take the user to a forged website, which will ask for personal information.

Below is an example Imperva gave of a typical fake site.

Fake website

Now though, hackers can download a variety of kits designed to help them create spoof websites of popular financial institutions, such as Barclays or Lloyds TSB.

Automation technology has also given them more time to hone their duping skills, rather than having to set their scams up manually.

In one scam seen by Imperva, the hackers used a fake HM Revenue and Customs (HMRC) website with links to spoofed websites of a host of major UK banks.

Imperva called on businesses, rather than consumers, to help fight the phishing attempts.

“Given the persistence and frequency of phishing, especially the resurgence of current tax schemes, we are less hopeful that a consumer-centric solution will have a sufficient impact,” Imperva explained.

“Like it or not, this means businesses will have to bear the burden. Considering the real business impact, enterprises need to know if they are hosting a phishing site.”

Last year, HMRC said it had seen a spike in tax scam phishing emails. It also confirmed the shut down of 180 websites sending out fake tax rebate emails.