Phishing attack targets HMRC data loss victims
By Nicole Kobie,
Security firm McAfee said it has discovered a phishing attack which appears to target the victims of last year's massive HM Revenue and Customs (HMRC) data breach.
In November of last year, the government admitted that two discs had gone missing in the post containing the records of 25 million child benefit recipients. The records included bank details, insurance numbers and addresses.
Today, McAfee said it has found a phishing attack which offers the email recipient the opportunity to claim a refund of £215 from HMRC - but clicking the link takes the user to a suspect site. Phishing scams impersonate real organisations in the hopes of getting people to disclose personal information.
The attack doesn't seem to use any of the information held on the discs, however, and is merely taking advantage of the news coverage surrounding the breach and playing to people's fears, said Toralv Dirro, security expert in McAfee's Avert Labs.
"I don't think they have the data, as they wouldn't have to do phishing then," explained Dirro. "But because so many records have been lost, it's likely they're taking advantage."
The suspicious site has since been taken down.
Dirro said it's likely the first attack using HMRC, but not the last. The American tax service has frequently been targeted, leading McAfee to belive this has been spurred by HMRC's recent data security troubles. "Now that we've seen this first time attempt, there's always copycats," said Dirro. "We're fairly certain we'll see more copycats in the next couple weeks."
Dirro said the attack was fairly unique in that the offending website was based in Germany, compared to more common locales of China and Russia. As well, the site was a legitimate one which had been hacked. "It appears it was a benign web page which had been hacked into - that's a little bit rare," said Dirro.
He said that suggests the phishers were not particularly sophisticated, as the professionals tend to have their own server setups to keep the site live for longer. "Maybe in this case, it wasn't real professionals, but a possible first-time attempt," he said.
Greg Day, McAfee security analyst, agreed. "Recent high profile data loss incidents have left the public more vigilant about handing over information that has any link to HMRC, so this may not be the most thoroughly considered phishing attack," he said.
But he added that this attack was standard in that it offered free and easy money as bait. "This phishing attack has echoes of traditional get rich quick scams, preying on the desire to be compensated for the government losing their data, but people must learn that there really is no such thing as free money," Day said.
advertisement
Latest Internet Features
Q&A – Tom Ilube, head of Garlik
The chief executive of identity management provider Garlik discusses how to keep yourself and your information safe online.
- Ten of the most infamous ‘black hat’ hackers
- What next for Microsoft?
- Becta, open source and education: Too little, too late?
- Working 9-5: Not a way to make a living?
- Managing the public face: Why perception is king in IT
- Who'd be an ISP?
- The impact of the Eee PC
- Creating a mobile data management policy
- How Google is redesigning your data centre
Latest Internet Reviews
Acer Aspire One
Rating: 
advertisement
Latest News Videos in Internet
Video: Q&A with HTC chief Peter Chou
PlayThe company that brought us the XDA phone is at it again, and should give both Apple and BlackBerry a run for their money.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?