It is that time of the year again, when we need to be more aware than usual with emails pretending to come from HMRC about Tax returns and Tax refunds. In the UK, you need to submit your Tax Return online before 31st December each year.
Many critics say “But how can anybody fall for these” The email address is obviously fake. Remember many email clients don’t display the full email address, only the senders name, especially in mobile versions.
This one Asks you to create a Government Gateway account and then wants all your personal details, your credit card and bank details. Many of them are also designed to specifically steal your email, Facebook and other social network log in details.
We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don’t assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says “you have won a prize” or “sign up to this website for discounts, prizes and special offers”
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
The original email looks like this, and of course at this time of year ( or anytime of year) we all need a few extra pennies and the offer of a tax refund is always welcome. It will NEVER be a genuine email from HMRC so don’t ever follow the links to the fake websites or ( in some versions) fill in the html ( webpage) form that comes attached to the email.
From: HM Revenue & Customs <‘firstname.lastname@example.org’>
Date: Fri 16/12/2016 23:42
Subject: Tax Return
Tax years applicable to claim: 2015/2016 Claim reference: DGF78623581 Amount: 168.40 GBP
You must apply online your unique linked document to complete your claim at www.online.hmrc.gov.uk/DGF78623581
All claims are screened through HM Revenue and Customs to determine if a refund is due. This process typically takes between 4 and 12 weeks. Once this process is complete, if a refund is due, you will receive directly from HMR&C notification of the amount of any refund.
The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
The link in THIS case goes to ‘http://hmrc-gov.tanfor.com/59e627465b15e051a5d2ff632a8fe80b/registration.php?ip=xx.xxx.x.xxx’ where the IP address is your actual IP address
If you follow the link you see a webpage looking like these previous but almost identical examples:
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.