Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Phishers exploit HMRC tax error refund, Sophos warns

September 2010 by Sophos

IT security and control firm Sophos is warning computer users to be wary of a spam campaign designed to exploit the widely reported HMRC tax errors.

Tax authorities in the UK are in the process of contacting millions of people, telling them that they have paid the wrong amount of tax. As members of the public wait to be contacted to see if they are due a rebate - or have to make extra payments - they should be careful not to respond to spam emails that offer tax refunds.

Sophos has intercepted emails that claim to come from HMRC with the subject line "You Have An HMRC Refund", that inform the recipient that they have made overpayments.

The email goes on to say that an attached form must be completed before a refund can be processed. Attached to the email is a file called ’Refund-Form.zip’, which contains an HTML file called ’Refund-Form.htm’ which asks for information including credit card details, full date of birth, and mother’s maiden name.

"If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server. You’re not going to receive a windfall because of this form - you’ve just been phished," said Graham Cluley, senior technology consultant at Sophos. "The real HMRC website contains advice about scams like this, and clearly states that they would never inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax. You have been warned - don’t let your eagerness for a tax refund lead you to throw caution to the wind."




See previous articles

    

See next articles