Share this content
1
3646

Unsuccessful submission for Reference 475-VB22516

spam / virus warning - beware!

I just received a spam email with the subject: Unsuccessful submission for Reference 475-VB22516

It looks just like the emails we get after submitting RTI's. I clicked on the link before I realised, so just warning others. Running my AV now and waiting for the ransom demand! 

Replies

Please login or register to join the discussion.

avatar
21st Jun 2018 14:18

Just had someone contact us with exactly the same email, however, it came in twice within minutes of a submission.
No attachments just a dodgy link it wasn't clicked but still what a coincidence!

Thanks (0)
21st Jun 2018 14:19

Fortunately I thought it odd, as I'd received a confirmation of my last submission long before this.
There are more and more spam emails coming in every day, and I'm really worried that I will click on something or other.
I'm glad I'm on a hosted desktop site, as they try to stop a lot of this stuff getting through, and make dodgy websites inaccessible.

Thanks (0)
21st Jun 2018 14:29

Same here.

NB one way to help protect against this type of spam is to ensure you filter the legitimate emails by the senders address into a folder.

So the "from" email address should be:
[email protected]

If its not filtered, then its probably spam.

You can do the same for your bank and other regular targets.

Thanks (1)
avatar
to ireallyshouldknowthisbut
21st Jun 2018 16:11

Always do this - works really well when I get the emails from directors who need something paying urgently! Always laugh when they are sitting opposit me but, on the face of it, it's their email address' but the Outlook rule helps in not moving it to "their" folders. A handy tip.

Thanks (0)
21st Jun 2018 14:28

+ To RL, the more likely approach will be not to try a ransom, but to gain access to your systems and so submit fake refunds using your client data, or using your agent ID's

Eg find filed return with big tax bill. Amend return. File amended return with their bank details.

This is why its essential not to allow staff (or you) to have pre-filled passwords on their systems for key things such as access to tax return software as it prevents a hacked PC being used remotely in this way.

Other frauds could be to steal your logins and commit a similar fraud.

Thanks (0)
to ireallyshouldknowthisbut
21st Jun 2018 17:25

Hmm, methinks you know too much.

Thanks (0)
avatar
21st Jun 2018 14:35

I had the same email, except it didn't drop directly into my "HMRC inbox" where I keep the submission results. This thankfully gave me the warning I needed.

The email said it came from [email protected].

The top half looks very realistic :-(

Thanks (0)
avatar
By pdt7464
21st Jun 2018 14:38

Me too. I have a client who reckons he can now handle his own payroll so is trying it this month for the first time. I was half-expecting something like this for real. So, like a Wally I clicked on the link before reading it properly. Ah well the AV scan will problably waste 1.5 hours at time I could least afford it.

Thanks (0)
By Locutus
21st Jun 2018 15:15

I received a couple of these around 1 pm today on two different work e-mail addresses that I use, although didn't click through on the links.

Over the last couple of weeks, I have also been receiving lots of fake invoice e-mails with a link to supposedly download the invoice.

The scammers have moved on a lot from the old days when a deposed African army general / wealthy Middle Eastern prince wanted your bank details to deposit $20m!

Thanks (0)
to Locutus
21st Jun 2018 15:23

Yes, it used to be so obvious before. Now in the middle of a busy day, it's easy to be deceived for just that split second required to click a link.

Thanks (0)
to Red Leader
21st Jun 2018 19:27

Completely agree. Its why they do it.

Thanks (0)
avatar
21st Jun 2018 15:32

The good news is that the value of the cryptocurrencies in which you are asked to pay the ransom is dropping like the proverbial South Sea Bubble

Thanks (0)
21st Jun 2018 15:36

The clue is in the format of the reference. HMRC would use "/" and not "-".

Thanks (0)
to SteLacca
21st Jun 2018 15:54

If I'd looked carefully there were other clues as well such as the "from" address and the link address. However as I say it only takes a split second of deception to click on what turns out to be a dodgy link.

Thanks (0)
avatar
By KBAS
21st Jun 2018 17:14

Hi,

The same happened to me today and in a split second, I foolishly click the link. A blank browser opened which I swiftly closed and then ran an AV scan that didn't detect anything but I'm majorly paranoid now :(

Thanks (0)
avatar
to KBAS
22nd Jun 2018 10:11

Which browser do you use?

From what you've described, especially if your AV didn't find anything then it's highly unlikely that anything happened. Do you have a firewall installed also? If so that should theoretically block anything that might have tried to download.

I'm not an expert on the subject but I think broadly speaking there are two ways these scammers could get at you - one is to take you to a screen asking for your login details (which they then steal), the other is to download some software and get you to run it.

If this scam is the former type then you haven't suffered any loss because you haven't given them any details. If it's the latter type, then again it depends on your browser (I recall many years ago Internet Explorer had some facility to download and run an executable automatically, hopefully that's no longer the case) but again, if all you got was a blank screen that you quickly closed then I suspect nothing was downloaded (and even if it was, it would require you to deliberately run it in order to start doing any damage).

Ultimately the best thing you can do is ensure everything important is backed up externally (either on the cloud or on an external hard drive...or both) so that if the worst does come to the worst you can recover it all afterwards.

Thanks (0)
avatar
By KBAS
to Ben Lauritson
22nd Jun 2018 15:12

Hi,

Have done an AV scan 3 times since and nothing has come up so hopefully all is OK. I changed my passwords and backed everything up. I’m use IE. It was just a blank page I got so didn’t input any details or click to download anything. I’m usually so cautious, so annoyed I got caught out this time.

Thanks (0)
avatar
to KBAS
22nd Jun 2018 16:07

I think you'll be fine in that case then.

Unfortunately even the most cautious of us can be caught out - it only takes a moment's distraction or tiredness to allow ourselves to falter. Although not specifically with this type of email scam, I have made similar mistakes on a few rare occasions - like you I'm normally too cautious and savvy to fall for such things but none of us are completely immune unfortunately!

Thanks (0)
21st Jun 2018 20:05

Disable Javascript and block cookies by default.

You then set exceptions for important sites, like Facebook and GMail.

Means if you do go somewhere dodgy, usually nothing happens because nothing can run.

Thanks (1)
to thevaliant
22nd Jun 2018 09:34

thevaliant wrote:

You then set exceptions for important sites, like Facebook .....

Did you mean to say "Then set an explicit block" rather than "Exception"?

Thanks (2)
to SteLacca
22nd Jun 2018 11:20

Errr no.

I have Javascript disabled for ALL websites; and
I have Cookies blocked for ALL websites

I then set 'exceptions' to my rules, to allow Javascript to run on Facebook and for it to set cookies (for instance).

Interestingly, I have Javascript disabled on this website and have never needed to make an exception. I have set an exception to allow cookies (so I can log in) but leaving Javascript disabled on this website doesn't seem to impair functionality.

Thanks (0)
avatar
By SXGuy
22nd Jun 2018 09:55

Got 2 of these emails yesterday. Strangly a few hours after submitting an fps.

Thanks (0)
avatar
22nd Jun 2018 14:49

My husband and I (please bow!) got identical emails on subsequent days. Needless to say we didn't bite...

Thanks (0)
avatar
28th Jun 2018 13:21

Beware! There are variants of this email as we received this one yesterday:

Unsuccessful submission for Reference 039-QV73259

Thanks (0)
avatar
28th Jun 2018 15:07

This is getting worse, just received another malicious email. I have left out the link:

Dear Taxpayer,
We would like to notify you that you still have an outstanding tax refund of 364.44 GBP from overpaid tax from year ending 2016.

* You have until 30 June 2018 to make your claim
* If you will not make the claim until then your money will become property of HMRC

Thanks (0)
Share this content