Original URL: http://www.theregister.co.uk/2010/09/07/tax_rebate_scam/
Scammers seize on tax rebates as phishing lure
Fraudsters have wasted no time jumping on news of a tax mix-up in the UK as a hook for scams.
Up to six million people in the UK had paid the wrong amount of tax as a result of HMRC mistakes with employee PAYE codes. Around 4.3 million are due for a refund while 1.4 million face demands* to hand over an average £1,428 each.
GFI Security has already intercepted scam emails informing prospective marks that they ought to apply for a refund by filling in a form on a fraudulent site that poses as an official Treasury site.
"The website asks for a comprehensive chunk of information including full name, address, DOB, phone number and mother’s maiden name," explains GFI security researcher Chris Boyd.
A blog post by GFI Security - containing a copy of the scam email and more details on the attempted con - can be found here. The offending website has been pulled offline but the possibility of copycat scams means surfers need to remain vigilant.
The widespread tax refunds represent a rich seam for miscreants to mine. Other possible tricks, judging from past evidence, could include using promises of a tax refund to make it more likely that scam emails with infected attachments will be opened. ®
*The length of time that has passed since the mistake occurs opens up the possibility for taxpayers to apply against having to pay a refund, as discussed in an article by the Guardian here. ®