UK taxpayers duped by new wave of phishing

9 Jan 2009

Fraudsters are targeting UK taxpayers with scam emails in the run up to the 31 January deadline for self assessment, showing a level of attention to detail that sets a worrying tone for spam in 2009, according to security company McAfee.

HM Revenue and Customs (HMRC) issued a warning to the UK public to be aware of further fraudulent attempts to obtain personal information after the 31 January deadline has passed, when many people will be anxious to hear about genuine tax refunds.

“What separates these scams from phishing attacks of the past is their attention to detail with structure, correct grammar and the professional appearance of the illegitimate website,” said Greg Day, security analyst for McAfee.

“For many years now, cyber criminals have been using topicality and world events in order to make their scams appear valid. However, these scams have often fallen short by attempting to react with speed rather than accuracy.”

Duping users with a site that appears genuine, the most recent HMRC phishing scam alerts consumers they have a tax rebate waiting to be claimed and asks them to provide their details in order to be refunded. The amounts cited are reasonable (around £250), which further strengthens the appeal and validity of the emails.

In the past, phishing scams have offered get-rich-quick type schemes, which immediately set alarm bells ringing. Offering realistic, yet significant, amounts of money as a tax rebate gives these latest emails a sense of legitimacy.

There have been six specific HMRC-focused phishing attacks in January alone, and the HMRC has received over 11,000 reports of fraudulent repayment emails since April 2008.

“Cyber criminals will continue to develop their phishing skills and improve the appearance of their scams in order to lure more victims,” Day said.

“Therefore, consumers must continue to remain vigilant and wary of any requests for personal details or banking information, and not respond to requests for such information sent via email.”

By Sorcha Corcoran