Phishers jump on HMRC tax blooper

Phishers have been sending out emails based on the tax blunder affecting millions in the UK.

Phishing

Fraudsters have leapt on the chance to initiate a phishing scam based around the tax error debacle.

Millions are thought to have paid the wrong tax and HM Revenue and Customs (HMRC) will be contacting the affected people this month, but only via post.

Phishers, as is often the case, have made the most of a big news story and sent out messages pretending to be from the HMRC.

"Tax refund scam mails have been popular for a long time, but in the current climate of our tax office has screwed up in spectacular fashion' it seems phishers will be giving it some serious attention," said Christopher Boyd, Sunbelt Software's senior threat researcher, in a blog post.

One email intercepted by Sunbelt took the target to a fake HMRC website, asking for personal data, including a full name, address, phone number and mother's maiden name.

The page also auto-filled a tax file number box in its bid to convince users of the site's supposed legitimacy.

Boyd said people can expect a "deluge of spam mail with infectious attachments," noting the UK tax office does not send "random emails asking for personal information."

A fraudulent file

Sophos has also spotted similar emails, many containing the subject line "You Have An HMRC Refund" and an attached form that asks for data such as credit card details.

"If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server," said Graham Cluley, senior technology consultant at Sophos.

"You're not going to receive a windfall because of this form - you've just been phished."

HMRC told IT PRO affected people will not be contacted by email or phone, and will not be asked to send personal information to anyone.

Last month, HMRC reported a spike in tax scam phishing emails being reported to the Government body.

It had shut down over 180 websites sending out fake tax rebate messages over a three-month period.

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Investors warned to be vigilant of fake SEC alerts
cyber crime

Investors warned to be vigilant of fake SEC alerts

22 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021
FBI warns scammers are using cryptocurrency ATMs to siphon cash
cryptocurrencies

FBI warns scammers are using cryptocurrency ATMs to siphon cash

5 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021