Freely subscribe to our NEWSLETTER

"Our research of millions of Internet users shows that the HMRC attacks are twice as successful as banking phishes for the simple reason that taxpayers are tempted by the prospect of a cash rebate direct to their bank account," said Mickey Boodaei, Trusteer’s CEO.

"The `carrot’ of free cash also persuades many Internet users to lower their normal credulity guard and, when they see a choice of bank sites from the `HMRC landing page’ they click on the link and immediately start entering their bank and other personal details," he added.

The net result of this is not, he went on to say, a credit to the recipient’s bank account, but usually a fraudulent debit - or series of debits - that empty the account by cybercriminals.

Mick Paisley, Head of information security and business resilience for Santander, explained: "There is no end to the tricks fraudsters will use to try and pull the wool over the eyes of an unsuspecting public. The nature and timing of this phishing makes it hard for people to ignore the promise of money back from anyone is interesting, the promise of money back from the Tax man is, to many people, far too good to let pass.

"Unfortunately, this type of timely attack could see many people falling for it. We would urge all Alliance & Leicester customers to do all they can to protect themselves. First, be wary when clicking on a link in an email from an external source. Most importantly, our Internet Banking customers should download and install the free Trusteer Rapport software, which protects users from sharing their banking details with these fraudsters, while also allowing us to take aggressive action to take down these criminal sites as quickly as possible."

According to Boodaei, when Internet users receive what appears to be a free cash giveaway, or deal that looks very tempting, the first thing they should do is move away from the computer and make a cup of tea, coffee or another favourite beverage.

They should then sit down with their beverage, fire up a search engine and look for reports of a possible scam on the Net.

For example, he says, entering the words `HMRC tax refund email’ into Google returns a series of links, the first one of which says: HM Revenue & Customs (HMRC) would not inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax...’

“In much the same way that banks would never discuss sensitive financial matters by email, so revenue and customs would not discuss financial matters such as tax refunds by email. In any event this kind of message also falls into the ‘too good to be true’ category used by online fraudsters,” said Nick Staid, Director, Get Safe Online.

This search engine approach works well with most emails that appear to be too good to be true as the chances are that other Internet users have received a similar message and carried out their own research, the Trusteer CEO explained.

Boodaei says that the rate of HMRC phishing attacks has been pretty constant throughout the year. About 1 in each 3 financial phishing attacks in the UK is targeting HMRC.

The victim lands at a Web page that is similar to the HMRC Web site where they are requested to click on their bank’s logo - most attacks will show logos for 5 to 10 UK banks. When the victim clicks on one of the logos they arrive at a fraudulent Web site that looks like the bank where they are requested to log on.

"It’s at this point their login information is being stolen," he said.

Trusteer has found that HMRC is the perfect phishing target for various reasons:

Firstly it allows the cybercriminals to set one page and one email message that target all banks at once, instead of setting a different message for each bank. This is much more efficient.

Secondly, while many online bankers know not to follow links to their bank’s Web site, a message from HMRC seems less suspicious and less educational effort was put in place not to open HMRC emails.

For these reasons users are more likely to fall prey to HMRC phishing attacks. Many of the phishing pages are hosted on legitimate compromised sites and Trusteer has even seen government Web sites across the world hosting HMRC phishing attacks.

Cybercriminals, says Boodaei, are using automated tools to generate these attacks and therefore they can generate a high volume of attacks in a very short space of time.

As well as using the search engine method of researching the provenance of `emails bearing gifts,’ Trusteer recommends against users clicking on links within emails.

Trusteer recommends that users type in the name of the institution whose Web site you are trying to access. In addition, before submitting login information check that the Web site uses HTTPS and a padlock appears in the Web browser to confirm a secure connection.

"The major banks are using EV-Certificates which means the address bar should turn green and the name of the institution will appear on the bar. Banks employ highly professional security experts and are closely monitoring the problem. Their advice is the most likely to keep you away from fraud," he said.

"Our Trusteer Rapport system now in use by RBS, Natwest, Santander, HSBC, and others constantly monitors HMRC phishing attacks against online bankers. In addition to blocking these attacks and reporting them to subscribing banks, the system is also capable of monitoring attack trends and inform banks of the main threats their customers are facing over time," he added.

"This valuable information allows banks to mitigate these threats in various ways, reducing the level of threat and potential losses."

For Example screenshots of HMRC phishing sites see http://www.eskenzipr.com/files/hmrc1.jpg and http://www.eskenzipr.com/files/hmrc2.jpg