Ten online banking systems targeted in the same campaign

Jul 28, 2010 10:15 GMT  ·  By

A new phishing campaign sends out emails masquerading as HM Revenue & Customs (HMRC) tax payment refund notifications. The rogue links included in the messages direct users to a website hosting fake login pages for ten different online banking systems.

The new attack was intercepted by researchers from messaging security vendor AppRiver, who report that these phishing emails began hitting the company's spam traps last week and that the volume intensified on Monday and yesterday.

The messages claim to be tax refund notifications from HM Revenue & Customs, the UK's tax collection agency. The phishers use the HMRC logo to increase the credibility of the emails, which are fairly well written for a scam. One spelling mistake in the first sentence gives it away, though: it reads “Your tax payment refund thas accrued up to ###### GBP” (where each # represents a digit).

The emails encourage recipients to click on a link pointing to a redirect script that eventually lands them on a fake page resembling the real HMRC website. This page displays the logos of ten financial services companies: Barclays, Lloyds TSB, Halifax, Abbey, HSBC, cahoot, RBS, egg, NatWest and Alliance Leicester, and instructs users to click on the one representing their bank.

Each logo is linked to a phishing page mimicking the online banking system of the corresponding institution. “These pages look much more convincing as the graphics have been lifted from the actual bank sites themselves. The only difference is that your log-in and password are given to the criminals before you are redirected to the bank's log-out page,” the AppRiver researchers write.
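The lure described above (an HMRC-branded refund notice carrying a link to an off-site redirect script, with a characteristic typo in its first sentence) can be flagged at the mail gateway with a few simple indicators. The following is an added detection example, not code from AppRiver or from the original article; the two messages are constructed samples, and the list of legitimate HMRC domains is an assumption for this example.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample messages (not real captures). The lure wording and the
# "thas accrued" typo follow the campaign described in the article.
PHISH_SAMPLE = b"""From: HM Revenue & Customs <refunds@hmrc-notice.example>
To: victim@example.net
Subject: Tax Refund Notification
Content-Type: text/plain

Your tax payment refund thas accrued up to 284.50 GBP.
To claim it, click here: http://redirect.example/go.php?id=7731
"""

BENIGN_SAMPLE = b"""From: HM Revenue & Customs <noreply@hmrc.gov.uk>
To: user@example.net
Subject: Self Assessment reminder
Content-Type: text/plain

Your Self Assessment return is due. Sign in at https://www.gov.uk/log-in-register-hmrc-online-services
"""

# Assumption: domains HMRC genuinely sends from and links to.
LEGIT_DOMAINS = ("hmrc.gov.uk", "gov.uk")

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# "refund has/thas accrued up to <amount> GBP" - the lure's first sentence.
REFUND_RE = re.compile(r"refund\s+t?has\s+accrued\s+up\s+to\s+[\d.,]+\s*GBP", re.I)


def is_legit(host):
    """True if host is one of the assumed legitimate domains or a subdomain."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def body_text(msg):
    """Return the text body of a parsed message (plain preferred, else HTML)."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part else ""


def score_message(raw):
    """Return the list of indicators that fire on a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = body_text(msg)
    sender = str(msg.get("From") or "")
    subject = str(msg.get("Subject") or "")
    reasons = []

    # Does the message present itself as coming from HMRC?
    claims_hmrc = ("hmrc" in sender.lower() or "revenue" in sender.lower()
                   or "hmrc" in subject.lower())

    if claims_hmrc and "refund" in (subject + text).lower():
        reasons.append("hmrc_refund_lure")
    if "thas accrued" in text.lower():
        reasons.append("known_typo")
    if REFUND_RE.search(text):
        reasons.append("refund_amount_pattern")

    # Claimed HMRC sender but envelope-visible sender domain is not HMRC's.
    m = re.search(r"@([\w.-]+)", sender)
    if claims_hmrc and m and not is_legit(m.group(1)):
        reasons.append("sender_domain_mismatch")

    # Claimed HMRC mail whose links lead elsewhere (e.g. a redirect script).
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if claims_hmrc and not is_legit(host):
            reasons.append("offsite_link:" + host)
    return reasons


def verdict(raw):
    """Two or more independent indicators is enough to quarantine."""
    return "phish" if len(score_message(raw)) >= 2 else "ok"


if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, verdict(sample), score_message(sample))
```

The domain checks are what make this robust: the typo and the refund phrasing will change from one campaign to the next, but a message claiming to be from HMRC whose sender address and links both point outside HMRC's domains stays suspicious regardless of wording.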

A phishing campaign targeting so many banks at once is uncommon and requires more effort to set up than phishers usually invest in their scams. This is probably also why they use redirect scripts in front of the final phishing site, which they are likely trying to protect.

You can follow the editor on Twitter @lconstantin

[Image: New phishing campaign impersonates HMRC]
[Image: Sample of HMRC phishing scam email]