The tax refund phishing scam – pretending to be from HM Revenue & Customs – has been reinvented for years now at this time of year and has regularly resurfaced in successful campaigns targeting UK, US and Australian citizens alike.
The scam emails promise users hundreds of pounds, then silently steal sensitive authentication data either through phishing forms or by deploying infected code such as Zbot onto people’s systems.
These illegal e-mails have an official appearance with subject tag lines such as ‘Recalculation of your tax refund,’ ‘HMRC: tax refund,’ ‘HMRC: Please submit the tax refund form!’; ‘Tax refund notification’ or ‘Private & Confidential HMRC: Annual Tax Refund.’ The messages contain either links that open fraudulent websites or fake registration forms sent as attachments to collect sensitive data about taxpayers that will eventually help fraudsters impersonate the innocent in deceitful operations.
“We know it’s the beginning of the UK tax season when spammers start sending Brits false tax refund forms by e-mail in order to steal identities and financially-related information,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “Once someone gives away key information such as full name, date of birth, address, phone number, card number and expiry date and security code, there is no stopping the crook from steering victims’ money towards their accounts.”
Bitdefender found that some of the scam e-mails were delivered with a phishing form while others came with a malicious attachment that, once opened, would steal credentials from FTP accounts (used to harbour malware), Bitcoin wallets or information on e-mail clients and browsers. Others were able to download the Zbot banking Trojan by contacting other compromised systems via a Peer to Peer connection.
The official HMRC site clearly states that notifications of tax rebates are never sent by email and that taxpayers will never be asked to disclose personal or payment information by email. The site also includes samples of tax rebate-related bogus e-mails, the most common lures and a selection of fake email addresses used to distribute tax rebate emails.