HMRC phishing scam promises end of year refund

Filed Under: Apple, Data loss, Featured, Phishing, Privacy, Spam

HMRC logoEmails are currently circulating that purport to be sent by the UK tax organization HM Revenue & Customs (HMRC). These e-mails claim that the recipient is eligible to receive a tax refund and that he or she must download an attached file and open it in a browser.

The scam e-mail reads in part:


Dear Taxpayer,
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of 223.56 GBP.

Please submit the tax refund request and allow us 6-9 days in order to process it.

To access your tax refund, please follow the steps below:

- download the Tax Refund Form attached to this email
- open it in a browser
- follow the instructions on your screen

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

Opening the attached file displays a form which prompts the victim to fill in his or her full name, date of birth, complete address, phone number, and credit card or debit card information.

HMRC phishing form

Of course, submitting the form won't actually send the information to HMRC; it will instead be sent to a malicious third party without the victim's knowledge or approval.

Scam emails purporting to be sent by HMRC are not a new phenomenon; Naked Security has previously warned about similar scams in November 2010 and even in January and February 2009.

The good news for Sophos customers is that the phishing attachment is already detected as Mal/Phish-A by our products, including the free Sophos Anti-Virus for Mac Home Edition.

For those who may be interested, I've written a few additional details about this particular phishing scam on my own security blog.

, ,

You might like

2 Responses to HMRC phishing scam promises end of year refund

  1. DDJP · 1339 days ago

    HMRC will crucify them.

  2. hev · 1339 days ago

    there is an email address on the hmrc website that u can forward these emails to so they can investigate them.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Joshua Long has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Computer and Information Security. Josh's research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's articles featuring his research and musings on malware and security on his blog, and follow him on Twitter and Google+.