Users are tricked into handing over credit card details

Sep 12, 2013 19:06 GMT

A new variant of an HMRC phishing scam that’s been making the rounds since at least 2009 is still landing in inboxes.

The emails are titled “Tax Refund Notification” and they read something like this:

“Following an upgrade of our computer systems and review of our records we have investigated your payments and latest tax returns over the last three years our calculation show that that your have made over payments of GBP 323.52

Due to high volume of refunds due you must complete the online application, the telephone helpline is unable to assist with this application. In order to process your refund you will need to complete the application form attached to this email. Your refund may take up to 6 weeks to process, please make sure you complete the form correctly.

NOTE: If you've received an Income Tax 'repayment' it will either be following a claim you've made or becouse HM Revenue & Customs (HMRC) has received new information about your taxable income or entitlement to allowances. The refund may come through your tax code or as a payment and could relate to the current tax year or earlier years.”

According to Hoax Slayer, when users click on the links from these emails, they’re taken to a cleverly designed HMRC phishing website.

Here, victims are instructed to enter their name, date of birth, mother’s maiden name, address, phone number, bank name, debit/credit card number, expiration date, CVV, and the VerifiedByVisa/MasterCard secure password.

The information is more than enough to allow cybercriminals to commit identity theft, make purchases with the victim’s credit card, and perform other fraudulent transactions.

Unfortunately, such classic scams are still successful. That’s why it’s important for users to be extra careful when asked to hand over personal and financial information.

Legitimate organizations will never ask you to disclose credit card information unless you’re making a purchase on their genuine websites. Transactions on these genuine sites are in most cases protected by an HTTPS connection, indicated by the padlock icon in the browser’s address bar.