Another Day, Another HMRC Tax Phish…

We could all do with a bit of a tax refund right before the festive season, and wouldn’t you know it – HMRC have helpfully sent me a tax re-calculation to the tune of £496.50!

Or, to put it another way, they totally haven’t.

Here’s the missive in question:

Fake tax refund

It reads as follows:

TAX RETURN RECALCULATION OF YOUR TAX REFUND
HMRC 2013
LOCAL OFFICE No. 3819
TAX CREDIT OFFICER: Elaine Andrews
TAX REFUND ID NUMBER: 381716214
REFUND AMOUNT: 496.50 GBP

The email is from “Aplicant1”, so hopefully the typo in the sender name would be the first clue that something is amiss (not to mention “compleate the HMRC refund form” – ouch).

Still, free money is always a big hook. There’s an additional email attachment, but as the mail was caught in Outlook’s spam trap, we can’t extract it to see what it is.

Many of these phishing scams tend to send a HTML copy of the linked website, hoping to snag anybody who doesn’t trust clicking a link but does like the look of a shiny zip file.

As for the website, they encourage you to search for your allocated tax refund via your email, full name and DOB:

Fake HMRC website

Next up: a “Searching” splash, designed to make you think that something is actually being searched for behind the scenes.

Searching...

Finally, we come to the part where they ask you for pretty much everything under the Sun:

Personal info ahoy

Address, city, post code, National Insurance number, bank name, sort code, account number and full payment information for your bank card including the security code.

They tell you to wait between five and nine business days for the refund to be processed, by which time they may well have cleaned out a victim’s bank account.
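For mail filtering, the two traits described above (an HTML copy of the page shipped as an attachment, often zipped, and a form asking for bank and card details) can be checked together. The sketch below is an added example, not code from the original post: the keyword list, the function names and the sample message (including the `phish.example` address) are constructed assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed keyword list, based on the fields the fake refund form asks for.
SENSITIVE = re.compile(r"insurance|sort.?code|account|card|cvv|security.?code|dob|birth", re.I)

class FormScanner(HTMLParser):  # records form actions and sensitive input names
    def __init__(self):
        super().__init__()
        self.actions, self.fields = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and SENSITIVE.search(a.get("name") or ""):
            self.fields.append(a["name"])

def html_attachments(msg):
    """Yield (name, html) for HTML attachments, including HTML inside a zip."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith((".htm", ".html")):
            yield name, data.decode("utf-8", "replace")
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith((".htm", ".html")):
                        yield f"{name}!{member}", zf.read(member).decode("utf-8", "replace")

def scan(raw):  # one finding per attached HTML form that collects sensitive fields
    findings = []
    for name, html in html_attachments(message_from_bytes(raw, policy=policy.default)):
        scanner = FormScanner()
        scanner.feed(html)
        if scanner.actions and scanner.fields:
            findings.append({"attachment": name, "fields": scanner.fields, "actions": scanner.actions})
    return findings

def build_sample():  # constructed message for the demo, not the real phish
    page = ('<form action="https://phish.example/submit" method="post"><input name="full_name">'
            '<input name="dob"><input name="national_insurance"><input name="sort_code">'
            '<input name="account_number"><input name="card_number"><input name="cvv"></form>')
    buf, msg = io.BytesIO(), EmailMessage()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("refund_form.html", page)
    msg.set_content("Please complete the attached refund form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="refund_form.zip")
    return msg.as_bytes()
```

Calling `scan(build_sample())` returns a single finding for `refund_form.zip!refund_form.html`. Password-protected zips raise an error on read and need separate handling.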

This is the latest in a long line of HMRC scams we’ve seen. Don’t fall for it, and keep your money safely in your bank account.

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.