Phishing Trends to be Aware of: HMRC Tax Refunds
As we fast approach the cut-off for Her Majesty's Revenue and Customs (HMRC) tax self-assessment this Wednesday, we are seeing more and more spam emails hitting our spam filter and the inboxes/spam filters of our customers. These emails spoof the HMRC sender name while coming from email addresses consisting of long strings of characters. Many email clients show the user only the sender name and display the email address only when requested. This becomes a problem when users receive emails promising a tax refund from HMRC with a short time limit to claim it and click the link before fully analysing the email.
As you can see in the image above, the email appears to have come from HM Revenue.co.uk; it is only when you open the sender details that the mash of random characters that forms the true email source becomes clear. The email then claims that the receiver is entitled to a hefty sum of almost £350 and should follow the link to the HMRC Customer Portal with their credit/debit card at the ready. The fact that you require your card details might ring alarm bells for some, but a large number of email users may simply not be aware of the concept of phishing scams such as this and will not think twice before trying to claim their refund.
The worrying thing is this: once you click the link in the email, you can end up looking at a portal that looks almost identical to the true HMRC portal.
The image above is the spoof portal, which will collect all the information you provide and send it to whoever sent you the original email. Once you submit your details, they can use them for any number of activities, including credit card fraud and total identity theft. The image below shows the true portal, which is very similar except for some minor differences in terminology. The key difference is the URL that the form sits on: the spoof sits on the leaf-cars.com domain rather than tax.service.gov.uk. Additionally, the true portal's security certificate displays as registered to 'HM Revenue & Customs [GB]' rather than the generic 'Secure' certificate.
So we implore you to check the origins of emails because, usually, if it sounds too good to be true, it probably is. For businesses, train your employees to recognise and report this kind of spam and to educate each other on emails that they have seen circulated regularly. Even more effective is ensuring you have a fully configurable spam filter to catch these types of email before they even reach the end user.
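The two tell-tale signs described above (an HMRC display name in front of an unrelated sender address, and a link that does not lead to a gov.uk host) can be checked automatically. The following is an added example, not code from the original post or from any particular spam filter; the trusted suffix, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_SUFFIX = "gov.uk"  # assumption: genuine HMRC mail and links stay under gov.uk
BRAND = re.compile(r"hmrc|hm\s*revenue", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_trusted(host):
    """True only for gov.uk itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def check_message(raw):
    """Return the reasons a message claiming to be HMRC looks spoofed."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    if not BRAND.search(display):
        return []  # display name does not claim to be HMRC; out of scope
    findings = []
    sender_domain = address.rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender domain {sender_domain!r} behind display name {display!r}")
    # Collect the text of every non-container part so links in any part are seen.
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append(f"link to {host!r}")
    return findings

# Constructed sample messages (not real captures).
SPOOFED = (
    'From: "HM Revenue.co.uk" <k3jx9qz7vb2m@mail-relay.example>\n'
    "Subject: Tax refund notification\n\n"
    "Claim your refund at http://customer-portal.example/hmrc within 24 hours.\n"
)
GENUINE = (
    'From: "HMRC" <noreply@tax.service.gov.uk>\n'
    "Subject: Your Self Assessment\n\n"
    "Sign in at https://www.tax.service.gov.uk/ to view your account.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_message(raw))
```

The From address itself can be forged, so a check like this complements SPF, DKIM and DMARC enforcement rather than replacing it.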
If spam filtering is something you'd like to talk to us about, call us on 0345 61 26649.