HRMC Please Submit Your Payment Refund Phishing Email

james wellwright technical author
Author: James.

So, another week and another collection of phishing emails.

This week we're lucky enough to be offered the opportunity to apply for a tax refund!

The first thing to draw our attention is the from field.

customers@hrmc.gov.uk <customers@hmrc.gov.uk>

The From display name has two letters swapped compared with the address shown in angle brackets: customers@hRmc.gov.uk versus customers@hMrc.gov.uk.

Already your guard should be up!

The subject line is: Please Submit Your Payment Refund.

The body is as follows:

Dear Applicant:


We have reviwed your tax return and our calculations of your last years accounts a tax refund of 178.25 is due
Please submit the tax refund request and allow us 3-6 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

Please submit the form attached to your email in order to complete your tax refund


Best Regards,
HM Revenue & Customs

--------------------------------------------------------------
© Copyright 2009, HM Revenue & Customs UK All rights reserved.
TAX REFUND ID: A29R119

So what's the payload, given that there are no links to follow? Aha - an attachment, Refund-Form.html.

This opens a nice little form where you enter your personal details, which are then sent off to the phishers. Would we get a refund from filling in our details on this form? No.

What is quite likely is that you will find you are now the proud owner of a new car, bought using the credit card details requested on the form. Nice.

In summary, don't fall for putting your card details into an unsolicited form without thinking. This type of phishing attack works because you are expecting a refund and get carried away in the moment, but as always, if it's too good to be true, it probably is!
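The two indicators described above (a From display name whose embedded address differs from the address in angle brackets, and an HTML attachment containing a form) can be checked mechanically. The following is an added example, not code from the original article; the function names and the form markup in the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Plain regexes are used because strict address parsers may reject an "@" in the name.
FROM_RE = re.compile(r'^\s*"?(.*?)"?\s*<([^<>]+)>\s*$')
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def is_adjacent_swap(a, b):
    """True if b equals a with exactly one pair of neighbouring characters swapped."""
    if len(a) != len(b):
        return False
    d = [i for i in range(len(a)) if a[i] != b[i]]
    return len(d) == 2 and d[1] == d[0] + 1 and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]]

def check_message(raw):
    """Return a list of findings for the two indicators seen in this phish."""
    msg = message_from_string(raw)
    findings = []
    m = FROM_RE.match(msg.get("From", ""))
    shown = EMAIL_RE.search(m.group(1)) if m else None
    if shown:
        shown_dom = shown.group(1).lower()                 # domain inside the display name
        addr_dom = m.group(2).rpartition("@")[2].lower()   # domain inside <...>
        if shown_dom != addr_dom:
            kind = "swapped-letters" if is_adjacent_swap(shown_dom, addr_dom) else "different"
            findings.append(f"from-mismatch:{kind}:{shown_dom}!={addr_dom}")
    for part in msg.walk():
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""        # None for multipart containers
        if name.lower().endswith((".html", ".htm")) and re.search(rb"<form\b", body, re.I):
            findings.append(f"html-form-attachment:{name}")
    return findings

# Constructed sample: From, Subject and filename are from the article; the form markup is invented.
SAMPLE = """\
From: "customers@hrmc.gov.uk" <customers@hmrc.gov.uk>
Subject: Please Submit Your Payment Refund
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Refund-Form.html"

<html><body><form method="post"><input name="card_number"></form></body></html>
--b1--
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The check only compares the two addresses with each other; the address in angle brackets can itself be forged, so a clean result here does not prove the sender is genuine.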
