Oct 22, 2010 09:54 GMT  ·  By
Phishing kit capable of spoofing multiple taxation agency websites and banks

Security researchers warn that phishers are increasingly using a tax refund scam kit capable of creating fake websites for taxation authorities and banks from multiple countries.

The kit was discovered by researchers from M86 Security, while analyzing a tax return phishing attack targeting New Zealand taxpayers.

The rogue emails posed as notifications from the country's Inland Revenue Department, or Te Tari Taake, as it's known to Maori speakers.

"After the annual calculation of your fiscal activity, we have determined that you are eligible to receive a tax refund of 988.50 NZ Dollars.

"Please submit the tax refund request and allow us 2-3 days in order to process it," the fake messages read.

It's worth noting that traditional tax return phishing emails either direct recipients to fake forms on spoofed taxation authority websites or instruct them to open an attachment.

However, the messages caught by M86 Security included a link to a fake Inland Revenue web page, which asked users to select their bank.

Clicking on one of the displayed logos opened a rogue login page for the respective bank's online system.

The financial institutions targeted included Australia and New Zealand Banking Group (ANZ), ASB Bank, Bank of New Zealand (BNZ), Kiwibank and Westpac Bank.
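The two-stage structure described above (a refund lure that links off the agency's domain, then a bank-selector page that funnels every brand into login forms on the same rogue host) is what a mail or web filter can key on. The following triage script is an added example written for this article; it is not code from M86 Security or from the phishing kit. The sample email and landing page are constructed here, modelled on the wording quoted above; ird.govt.nz is treated as the agency's legitimate domain, and the host ird-refund.example.net and the link paths are invented for illustration.

```python
"""Heuristic triage for tax-refund lure emails and multi-brand phishing landing pages.

Added example for this article; not code from M86 Security or the kit it describes.
The sample email, landing page and the host ird-refund.example.net are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the agency's legitimate domain (ird.govt.nz is the Inland Revenue
# Department's real domain; it is the only host a refund link should point at).
AGENCY_DOMAINS = {"ird.govt.nz"}
# Bank brands named in the article, matched as keywords in link text and URLs.
BANK_BRANDS = ("anz", "asb", "bnz", "kiwibank", "westpac")

REFUND_RE = re.compile(r"refund of\s+[\d,]+(?:\.\d{2})?\s*(?:nz\s*)?dollars", re.I)
DEADLINE_RE = re.compile(r"allow us\s+\d+\s*-\s*\d+\s*days", re.I)


class LinkExtractor(HTMLParser):
    """Collects (href, anchor text) pairs; <img alt> inside a link counts as its text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and self._href is not None and a.get("alt"):
            self._text.append(a["alt"])

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def host_trusted(href, trusted):
    """True only if the link's host is one of the trusted domains or a subdomain of one."""
    host = (urlparse(href).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage_email(sender, body_html):
    """Return the indicators that make a message look like a tax-refund lure."""
    hits = []
    text = re.sub(r"<[^>]+>", " ", body_html)
    if REFUND_RE.search(text):
        hits.append("refund_amount_lure")
    if DEADLINE_RE.search(text):
        hits.append("processing_deadline")
    untrusted = [h for h, _ in extract_links(body_html) if not host_trusted(h, AGENCY_DOMAINS)]
    if untrusted:
        hits.append("link_outside_agency_domain")
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain in AGENCY_DOMAINS and untrusted:
        hits.append("spoofed_sender_with_foreign_link")
    return hits


def triage_landing_page(page_html):
    """Map each untrusted host to the bank brands whose links it serves; report hosts with 3+."""
    brands_by_host = {}
    for href, text in extract_links(page_html):
        if host_trusted(href, AGENCY_DOMAINS):
            continue
        blob = (href + " " + text).lower()
        host = (urlparse(href).hostname or "").lower()
        brands_by_host.setdefault(host, set()).update(b for b in BANK_BRANDS if b in blob)
    return {h: sorted(b) for h, b in brands_by_host.items() if len(b) >= 3}


# Constructed sample lure, modelled on the wording quoted in the article.
SAMPLE_EMAIL_SENDER = "refunds@ird.govt.nz"  # display sender spoofing the agency
SAMPLE_EMAIL_HTML = """
<p>After the annual calculation of your fiscal activity, we have determined that
you are eligible to receive a tax refund of 988.50 NZ Dollars.</p>
<p>Please submit the tax refund request and allow us 2-3 days in order to process it.</p>
<p><a href="http://ird-refund.example.net/ird/select-bank.php">Submit tax refund request</a></p>
"""

# Constructed bank-selector page: five logos, all leading to login forms on one rogue host.
SAMPLE_LANDING_HTML = """
<h1>Inland Revenue - Select your bank</h1>
<a href="http://ird-refund.example.net/anz/login.php"><img alt="ANZ" src="anz.png"></a>
<a href="http://ird-refund.example.net/asb/login.php"><img alt="ASB Bank" src="asb.png"></a>
<a href="http://ird-refund.example.net/bnz/login.php"><img alt="BNZ" src="bnz.png"></a>
<a href="http://ird-refund.example.net/kiwibank/login.php"><img alt="Kiwibank" src="kb.png"></a>
<a href="http://ird-refund.example.net/westpac/login.php"><img alt="Westpac" src="wp.png"></a>
"""

if __name__ == "__main__":
    print(triage_email(SAMPLE_EMAIL_SENDER, SAMPLE_EMAIL_HTML))
    print(triage_landing_page(SAMPLE_LANDING_HTML))
```

The landing-page check is the more robust of the two: lure wording changes between kit variants, but a single non-agency host serving login forms for several competing banks is a structural property of this kind of kit and is unlikely to appear on a legitimate site. The domain check deliberately matches only exact or subdomain hosts, so look-alikes such as ird.govt.nz.example.com are not trusted.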

Judging by a readme file found on the rogue server, the pages were generated with a phishing kit created in August by someone using the online handle of "MaxDeMon."

"But Google searching some keywords from the phishing kit, it looks like the kit is used a lot and comes in different variations," the M86 researchers warn, noting that a different version targets the HM Revenue & Customs (HMRC) and several UK banks.

Earlier this week we reported a similar attack against Indian taxpayers, which abused the name of the Indian Income Tax Department and also involved fake websites for numerous financial institutions.