Davey Winder's Blog

HMRC tax website cloned by scammers

By Davey Winder in Editorial

Posted in Business, Data Protection, Security, Internet on January 7, 2009 at 10:24 am


It is that time of year when tax returns have to be filed and payments made. To remind folk of their financial and legal obligations, HM Revenue & Customs (AKA the tax office) have been running a high-profile advertising campaign. This uses simple scare tactics to get the message across: file and pay by January 31st or we will fine you £100.

No wonder that the self-employed and small businesses across the UK are getting into a last-minute flap to comply. No wonder the phishing conmen have seized upon the annual chaos and confusion to try and scam them out of their valuable financial data.

Yes, it is yet another security warning to kickstart the year. At least this one does not involve Stephen Fry. The Websense Security Labs ThreatSeeker Network has uncovered a sophisticated scam which uses a cloned copy of the official HMRC tax office website, hosted in Denmark and using an identical stylesheet to the real thing, along with convincing email messages to operate the sting.

First comes the email, cleverly advising that the rarest and most treasured of all things, a tax refund, is due to the recipient. “After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of £99.23. Please submit the tax refund request and allow us 3-6 days in order to process it.” It appears to come from the tax office, and contains a link back to the cloned HMRC website. Just as clever: once the mark visits the site and inputs the requested data, such as name, address and credit card information, they get redirected to the real HMRC tax office site.

Of course, there are a number of warning signs to flag up here that even the terminally idiotic should spot:

1. The tax office never takes 3-6 days to process a refund; 3-6 weeks is more like it.

2. The tax office is unlikely to be refunding your overpayment into a credit card account, so why ask for this information?

3. The tax office sends good old fashioned printed letters with details of refunds, and payments due. I cannot recall ever having received a single email from HMRC in some 20 years of being self-employed.

Comments

Comment by Jason Slater - January 7, 2009 on 10:33 am

I saw this very email in my inbox yesterday - it is useful to always hover over links to see where they are actually going rather than where the text says it is going.

Comment by Davey Winder - January 7, 2009 on 10:46 am

I suspect you would not have fallen for it even if the link had not been taking you to some server in Denmark though.

Comment by adaptateur - November 3, 2009 on 7:35 am

These scammers are getting clever and more desperate by the day. You would think the HMRC would be fully secured against any type of hacking with all the records and information they have on people. Good heads up though, as a fair few people will fall for it.
