If you pay taxes in the UK, please be aware that scammers are currently sending fake HMRC tax refund attachments via email. Here's the email complete with attachment:
-----Original Message----- From: HM Revenue & Customs [mailto:refund-taxAT@hmrc.gov.uk] Sent: 09 December 2013 21:18 To: UK321712AThmrc.gov.co.uk.com Subject: Submit Your Tax Refund
Following an upgrade of our computer systems and review of our records we have investigated your payments and latest tax returns over the last seven years our calculations show you have made over payments of GBP 323.56 Due to the high volume of refunds due you must complete the online application, the telephone help line is unable to assist with this application. In order to process your refund you will need to complete the attached application form. Your refund may take up to 3 weeks to process please make sure you complete the form correctly.
To access your tax refund, please follow the steps below:
- download the Tax Refund Form attached to this email - open it in a browser - follow the instructions on your screen
Regards, HM Revenue & Customs
Once the victim has filled everything in, they're encouraged to press the "Submit informations" button. One would hope the typo would be enough to raise suspicion in some, but of course it won't save everybody.
The scammers here are really quite precise with regards the information they're after. Make a mistake, leave a section blank or type something not to their liking, and...
Here's the full list of "You've been a very naughty boy" from the code:
HMRC have some advice for those unlucky enough to be sent a phishing mail on their Reporting a Phish page. The golden rule:
- HM Revenue & Customs (HMRC) will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email.
A few weeks before the holidays begin is not a good time to have your bank account cleaned out by a tax phish Scrooge.
Christopher Boyd (Thanks to Dom for sending this over)