A detailed tax refund phishing scam is hitting inboxes around Ireland, Eset says.
Cybersecurity firm Eset has issued a warning over an email phishing scam that could allow criminals to access financial information from unwitting victims.
The email, purporting to be from Revenue, reads: “Due to a technical issue, we are unable to process your tax refund and the procedure is currently on hold. In order to resume the process please follow the instructions detailed on our dedicated site 24/7 to get your tax refund now.”
A convincing scam
Clicking on the link within the email takes the victim to a credible-looking fake Irish tax and customs page, which is even using the ‘https’ signifier to make its site look credible. While there is an additional element in the address that indicates it may be fake, few people actually read the full addresses of the sites they frequent with an eagle eye.
The site then asks the user for the name on their credit or debit card, as well as the funds currently available on it. If this data is entered, the next page asks for the rest of the card details. This could enable cybercriminals to exploit the person directly or even engineer other scams, potentially draining the account of the target.
Revenue phishing scams are becoming sophisticated
At the end of the page, it displays what appears to be refund details for €469.24, using the name of Allied Irish Banks to make the scam appear more legitimate. Cybercrime analyst Urban Schrott noted that scams relating to Revenue have been ongoing for many years now and criminals are continuing to perfect their techniques.
He said the perpetrators are “fine-tuning and optimising their scamming techniques to appear more credible and trustworthy, making it harder for their victims to detect the scam in time and avoid it”.
Eset advises users to delete the email without clicking on any links, and mark it as spam. It also added that warning friends and family about the racket is important.