14 DAY TRIAL // Security researchers have detected a tax return phishing scam directed at Romanian users, which seems to be in line with a recent trend of localizing such attacks.
The fake emails purport to originate from the Romanian Ministry of Public Finance (Ministerul Finantelor Publice) and are similar in content to the ones commonly posing as notifications from the IRS or HMRC.
Recipients are instructed to access a resource on mfinante.ro, but the included link actually takes them to a phishing page which mimics the ministry's website.
This page displays a form asking victims for their first and last name, address, city, county, credit card number, card expiration date, 3-digit card security code (CVV), personal numeric code (SSN equivalent) and phone number.
According to Sorin Mustaca, a data security expert at antivirus vendor Avira, who analyzed the phishing scam, the rogue website is rather primitive and there is no input validation being performed.
The security expert found the file where form data is being collected. "We have seen some people who apparently entered real information there.
We will hand all these information to the authorities which hopefully will contact the affected persons," he wrote on the company's blog.
The domain used in this latest attack was registered yesterday, but similar emails have apparently been circulating since the beginning of October.
"Beginning with October 5, we have received numerous phone calls from institutions, companies and individuals, regarding the content of certain e-mail messages informing them about being eligible for a tax return, for which they were asked to fill in a form with personal, bank account and credit card details," the ministry said in a notification posted on its website today. [rough translation from Romanian]
"Therefore, we advise those targeted not to act upon these messages and to avoid completing the form with identification or financial information of the organizations they are addressed to," it added.
This wave of Romanian tax return scams seems to be the first of its kind, which is a bit surprising giving that Romania is home to many phishing gangs and cyber criminals.