The Register® — Biting the hand that feeds IT

Feeds

Scammers seize on tax rebates as phishing lure

Greedy sprats

By John Leyden, 7th September 2010
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

Fraudsters have wasted no time jumping on news of a tax mix-up in the UK as a hook for scams.

Up to six million people in the UK had paid the wrong amount of tax as a result of HMRC mistakes with employee PAYE codes. Around 4.3 million are due for a refund while 1.4 million face demands* to hand over an average £1,428 each.

GFI Security has already intercepted scam emails informing prospective marks that they ought to apply for a refund by filling in a form on a fraudulent site that poses as an official Treasury site.

"The website asks for a comprehensive chunk of information including full name, address, DOB, phone number and mother’s maiden name," explains GFI security researcher Chris Boyd.

A blog post by GFI Security - containing a copy of the scam email and more details on the attempted con - can be found here. The offending website has been pulled offline but the possibility of copycat scams means surfers need to remain vigilant.

The widespread tax refunds represent a rich seam for miscreants to mine. Other possible tricks, judging from past evidence, could include using promises of a tax refund to make it more likely that scam emails with infected attachments will be opened. ®

Bootnote

*The length of time that has passed since the mistake occurs opens up the possibility for taxpayers to apply against having to pay a refund, as discussed in an article by the Guardian here. ®

Ensure Ease of Recovery with Asigra’s Agentless Software

COMMENTS

House Rules Send Corrections
All Reader Comments (7)
Highly Rated
Anonymous John
Reply Icon

Re When will these scammer's (sic), ever learn

Pot, meet kettle.

1
0
Richard Scratcher

When will these scammer's, ever learn

The sample letter on the GFI security page is littered with punctuation errors such as missing full-stops, misplaced and missing commas. The letter begins "Dear Applicant" but the reader isn't an applicant yet.

And why would the UK tax office need use the abbreviation GBP to describe the "over [sic] payment"?

These people are giving HMRC a bad name.

2
1
isurrenderall

I got the exact email

I received the exact same e-mail about 2 days ago. Same e-mail address, same tax rebate amount. Always funny when they send e-mails to hughjass@mydomain.

1
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19