New Phishing Technique for the UK Tax Office

Image (1) uk-tax-refund.png for post 24185

In my previous blog “the Australia Tax Office. However, this time it uses a new technique.

The phishing message doesn’t contain any bogus link or dodgy reply-to field. Instead it has a forged html attachment named “payment_form.pdf”, which when opened, the file looks like a pdf form asking for users’ personal identities and credit card details.

Upon further investigation, the html file includes a dodgy POST HTTP request message (B) which attempts to submit confidential information to a remote website. Also, the file has functionalities to check invalid simple credit numbers and pin numbers (A). Isn’t that smart?

SophosLabs has already blocked this kind of phishing campaign. Certainly we will see more new tricky phishing techniques in the future.