Message claims to be from HM Revenue and Customs, hides phishing on German website

Aug 30, 2014 00:05 GMT

A phishing attempt directed at citizens in the United Kingdom masquerades as a notification of a tax refund that needs to be paid to the recipient; the scammers seek information that can lead to the compromise of victims' bank accounts.

The reason given for not transferring the money directly into the bank account is that the information provided by the user was inaccurate. The amount of money to be returned is about £100 ($166 / €126).

Christopher Boyd of Malwarebytes reports that in other examples of such a scam, the sum selected as bait by the crooks was three or even four times larger. However, it may be that the cybercriminals believe a lower amount works better in the scam, because the aforementioned sum is not large enough to raise suspicion.

Boyd says that in the scammy message purporting to come from HM Revenue & Customs there is a link to the alleged refund form, which is stored on a compromised German bicycle shop website.

It appears that the crooks use the Ow.ly URL shortening service to mask the link to the malicious repository, a technique that is not common in phishing attempts.

“The fake refund form asks for name, DOB, address, postcode, account number, full card details…all the usual bits and pieces of information required to swipe the payment information,” says the researcher.

Users are advised to double-check the source of the message in order to verify the sender. Sensitive personal information is never required by authorities or financial organizations via email; this single detail may be the difference between falling victim to the scam and deflecting it.
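The two signals described above, a sender that does not match the claimed organization and a link hidden behind a URL shortener, can be checked automatically. The sketch below is an added example and not code from Malwarebytes or the article; apart from ow.ly, the shortener list, the brand pattern, the `.gov.uk` suffix and the sample message are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# ow.ly is the shortener named in the article; the other hosts, the brand
# pattern and the trusted suffix are assumptions made for this sketch.
SHORTENERS = {"ow.ly", "bit.ly", "t.co", "tinyurl.com", "goo.gl"}
BRAND = re.compile(r"hm revenue|hmrc", re.I)
TRUSTED_SUFFIX = ".gov.uk"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message; every address and URL in it is a placeholder.
SAMPLE = '''\
From: "HM Revenue & Customs" <refunds@mail.example.net>
Subject: Tax refund notification
Content-Type: text/html; charset="utf-8"

<a href="http://ow.ly/EXAMPLE">Complete the refund form</a>
'''


def trusted(host):
    # True for the trusted suffix itself or any subdomain of it.
    return ("." + host.lower()).endswith(TRUSTED_SUFFIX)


def text_of(msg):
    # Decode every text part (plain or HTML), skipping multipart containers.
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode(
        p.get_content_charset() or "utf-8", "replace") for p in parts)


def triage(raw_message):
    """Return findings for one message; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    body = text_of(msg)
    claims_brand = bool(BRAND.search(f"{display} {msg.get('Subject', '')} {body}"))
    findings = []
    # The From header is sender-controlled: a match here is not proof of origin.
    if claims_brand and not trusted(addr.rpartition("@")[2]):
        findings.append("sender-domain-mismatch")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened-link:{host}")
        elif claims_brand and not trusted(host):
            findings.append(f"off-brand-link:{host}")
    return findings
```

Calling `triage(SAMPLE)` flags both the mismatched sender domain and the shortened link.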