Davey Winder's Blog

HMRC tax website cloned by scammers

By Davey Winder in Editorial

Posted in Business, Data Protection, Security, Internet on January 7, 2009 at 10:24 am


It is that time of year when tax returns have to be filed and payments made. To remind folk of their financial and legal obligations, HM Revenue & Customs (AKA the tax office) have been running a high-profile advertising campaign. This uses simple scare tactics to get the message across: file and pay by January 31st or we will fine you £100.

No wonder that the self-employed and small businesses across the UK are getting into a last-minute flap to comply. No wonder the phishing conmen have seized upon the annual chaos and confusion to try and scam them out of their valuable financial data.

Yes, it is yet another security warning to kickstart the year. At least this one does not involve Stephen Fry. The Websense Security Labs ThreatSeeker Network has uncovered a sophisticated scam which uses a cloned copy of the official HMRC tax office website, hosted in Denmark and using an identical stylesheet to the real thing, along with convincing email messages to operate the sting.

First comes the email, cleverly advising that the rarest and most treasured of all things, a tax refund, is due to the recipient. “After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of £99.23. Please submit the tax refund request and allow us 3-6 days in order to process it.” It appears to come from the tax office, and contains a link back to the cloned HMRC website. Just as clever, once the mark visits the site and inputs the requested data, such as name, address and credit card information, they get redirected to the real HMRC tax office site.

Of course, there are a number of warning signs to flag up here that even the terminally idiotic should spot:

1. The tax office never takes between 3-6 days to process a refund; 3-6 weeks is more like it.

2. The tax office is unlikely to be refunding your overpayment into a credit card account, so why ask for this information?

3. The tax office sends good old fashioned printed letters with details of refunds, and payments due. I cannot recall ever having received a single email from HMRC in some 20 years of being self-employed.
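One way to automate a check on the link such an email carries, shown as an added example that is not part of the original post: it flags links whose visible text names a different host than the `href`, and hosts that contain "hmrc" without sitting under the trusted domain. The `hmrc.gov.uk` suffix and the sample email body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hostnames treated as genuinely HMRC (not stated on the page).
TRUSTED_SUFFIXES = ("hmrc.gov.uk",)
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every http(s) <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self._href, self._text = href, []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    url = url if "://" in url else "//" + url  # urlsplit needs a scheme or "//"
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def suspicious_links(html):
    """Return [(href, [reasons])] for links a reader should not trust."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest, reasons = host_of(href), []
        if URL_LIKE.fullmatch(text) and host_of(text) != dest:
            reasons.append("text-href-mismatch")   # text shows one host, href another
        trusted = any(dest == s or dest.endswith("." + s) for s in TRUSTED_SUFFIXES)
        if "hmrc" in dest and not trusted:
            reasons.append("lookalike-host")       # brand name in an unrelated domain
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample email body; the fake hosts use the reserved .example TLD.
SAMPLE_EMAIL = """<a href="http://hmrc.gov.uk.refunds.example/claim">https://www.hmrc.gov.uk/refund</a>
<a href="https://www.hmrc.gov.uk/">HMRC home</a>
<a href="http://hmrc-refund.example/form">Submit the tax refund request</a>"""
```

Calling `suspicious_links(SAMPLE_EMAIL)` reports the first and third links and leaves the genuine one alone.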

Comments

Comment by Jason Slater - January 7, 2009 on 10:33 am

I saw this very email in my inbox yesterday - it is useful to always hover over links to see where they are actually going rather than where the text says they are going.

Comment by Davey Winder - January 7, 2009 on 10:46 am

I suspect you would not have fallen for it even if the link had not been taking you to some server in Denmark though.

Comment by adaptateur - November 3, 2009 on 7:35 am

These scammers are getting clever and more desperate by the day. You would think the HMRC would be fully secured against any type of hacking with all the records and information they have on people. Good heads up though, as a fair few people will fall for it.
