Taxpayers targeted by new phishing scam
HMRC reports that an email scam has come to light which aims to con its customers - taxpayers.
In a classic example of "phishing", the fake email informs the taxpayer that he or she is due to receive a large tax rebate and asks them complete a form online by providing their bank details. Once the unfortunate has completed the form and pressed "submit" it goes, of course nowhere near HMRC.
Phishing is now a major problem, as emails can be made to look totally legitimate. Fraudsters have been especially active and successful with this line of attack in the past couple of years - and most readers will be familiar with the emails from various banks and online retailers requesting they update their details. The banks have not yet found a way of dealing successfully with the problem, and so it is up to customers to be on their guard.
HMRC has been the focus of previous phishing attacks, and unlike phishing messages that arrive from banks where you have no accounts, most adults in the UK have a relationship with the taxman.
In the lastest attack, the bogus message says it comes from “HMRC Premier Services”, with the name Premier Services” in a green box. There is no such organisation and the department advises you to ignore the request. If you are in any doubt, phone the HMRC's helpline or press Delete.
HMRC has been set a programme of online services following the report by Lord Carter of Cole into online services. The phishing exercise is particularly damaging as HMRC have said that they will not push on until their service is safe, secure and properly tested. Ironically, there is an occasion when HMRC ask you to fill in your bank details online - when you file your tax return. Will it be long before phishers start sending out bogus tax returns!
Phishing is not so much a technical problem though as one of education; IT users must stay on their guard, and use appropriate software to protect themselves from this type of spammer.
When I try to reply to phishers, my email programme (Thunderbird) warns me that the website does not look legitimate. In practice these scams are very sophisticated and so it is hard to tell if you have actually been sent to a secure area (which explains the odd looking URL) or are being directed straight into the arms of the fraudsters.
Do you have worries or concerns in this area? Use our
HMRC Online Services survey to tell HMRC all about them.