Spam campaign exploits the HMRC tax errors

(08/09/2010)

Tax authorities in the UK are in the process of contacting millions of people, telling them that they have paid the wrong amount of tax. As members of the public wait to be contacted to see if they are due a rebate - or have to make extra payments - they should be careful not to respond to spam emails that offer tax refunds.

Sophos is warning computer users to be wary of a spam campaign designed to exploit the widely reported HMRC tax errors. Sophos has intercepted emails that claim to come from HMRC with the subject line "You Have An HMRC Refund", that inform the recipient that they have made overpayments.

The email goes on to say that an attached form must be completed before a refund can be processed. Attached to the email is a file called 'Refund-Form.zip', which contains an HTML file called 'Refund-Form.htm' which asks for information including credit card details, full date of birth, and mother's maiden name.

"If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server. You're not going to receive a windfall because of this form - you've just been phished," said Graham Cluley, senior technology consultant at Sophos. "The real HMRC website contains advice about scams like this, and clearly states that they would never inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax. You have been warned - don't let your eagerness for a tax refund lead you to throw caution to the wind."

Related topics:  Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources