Money Watch – Personal Finance Blog

Beware Of Emails From HMRC Promising Tax Rebates

Antivirus company Bitdefender has detected a scam hoping to capitalise on over three million people due to start receiving tax refund payouts in the UK from this month. The spam, entitled NOTICE OF TAX RETURN FOR YEAR 2011 contains an HMRC logo, provides financial reference numbers and impersonates an Officer of HM Revenue & Customs.

The phishing scam’s aim is to collect sensitive authentication data to people’s credit card or bank accounts, information possibly already provided to a legitimate company in the process of a tax efile. It usually includes an attached form and advises the recipient that he is owed a tax rebate of £209.87. Once the form has been completed, cyber criminals have access to the vital banking and personal information required for identity fraud or the fraudulent access and emptying of victims’ bank accounts.

This type of tax refund phishing scam was first detected in 2009. It has since undergone several developments in order to maximise its success rate targeted at those expecting to receive tax rebates in 2012. The attached form that accompanies the scam no longer opens using the cyber criminals’ registered domains, but now downloads onto the user’s PC and opens through their local browser. This bypasses the anti-phishing module in local security solutions, allowing it to execute. Bitdefender believes the form is then sent to a domain registered in New Zealand.

“With over three million UK citizens expected to start receiving tax refund payouts from now until October, there is clearly a large audience which could be duped by this convincing phishing scam,” said Catalin Cosoi, Chief Security Researcher at Bitdefender. “The scam is more intelligent than ever before and capable of bypassing many traditional antivirus systems. We advise the public to disregard emails claiming to offer a tax rebate and ensure they have an effective security solution in place.”

The official HMRC site states that it is their policy to “NEVER send notification of a tax rebate by email, or ask you to disclose personal or payment information by email.” Some of the most common examples of fake email addresses / email content or attachments used in tax rebate phishing scams are available to view here.

Exit mobile version