Tax credit changes are something of a big deal in the UK at the moment, with an expected impact on finances for millions of people.
It’s particularly cruel, then, to see scammers leap onto the bandwagon with promises of tax credit refunds – effectively targeting those already most under threat from potential financial loss. If you’ve clicked on a message along these lines in the last few days, you may want to get in touch with your bank as soon as possible.
The message, which reads as follows, makes use of a Goo.gl shortening URL to redirect victims to what appears to be a compromised website:
Here’s the stats for the shortened URL:
- 731 clicks so far, with the majority of them coming from the UK.
- 440 of those were on iPhone, and 252 were using Android. Just 31 people were browsing via Windows.
- The shortened link is 4 days old, so the scam is pretty fresh.
Here’s the phishing page, located at
savingshuffle(dot)com/hmrc/Tax-Refund(dot)php:
As you can see, they want name, address, phone, email, telephone number, card details, sort code and account number.
Further down the page, they also want some “Identity Verification” in the form of driving license number, national insurance number and mother’s maiden name. There’s also a pre-filled refund amount of £265.48 next to the submit button.
Note that they also say the following:
By the time you end up checking to see if the money has gone in, they’ll likely have tried to clean you out. Given we’re talking about those who might be severely affected by the changes to the tax credits system, this would be quite the blow to say the least (and even if you’re not impacted, it’s still not a nice thing to happen either way). As we pointed out in a recent blog about tax themed scams, HMRC do not send out missives offering refunds.
Steer clear.
Christopher Boyd
