Freely subscribe to our NEWSLETTER

The danger now, says Trusteer, is that tax credit filers will click on unsolicited emails that look as though they might have been sent by HMRC, and in doing so, may end up infecting their home or office computers.

"Back in February we warned online banking users of phishing and malware infections stemming from emails offering Internet users a tax refund. And given that such phishing emails are twice as successful as bank phishing attacks, cybercriminals have realised that an email with HMRC in its message header is a lot more attractive to recipients," said Mickey Boodaei, Trusteer’s CEO.

In addition, he says, it’s likely that hackers will exploit this interest in tax credits and tax refunds generally, with a rash of infected emails and/or messages with links to infected Web sites.

“In a recent analysis by Trusteer of a UK specific botnet containing the details of over 10,000 people, we discovered that the botnet operators are actively looking for login information for the HMRC website, as the information found to have been collected by the criminals included HMRC logon credentials and passwords. There are various tax and VAT -related scams that fraudsters can run against you once they have access to your HMRC login information,” continued Boodaei.

Online banking users can enhance their protection against such an attack by installing Rapport - Trusteer’s online banking protection software, which is offered for free by a growing number of banks – including Alliance &Leicester, Santander, HSBC, NatWest, RBS, and many others - constantly monitors for HMRC and other types of phishing attacks against online bankers and blocks them.

Boodaei says that the free software also report attack vectors to subscribing banks, as well as being capable of monitoring attack trends and informing banks of the main threats their customers are facing over time.

"This valuable information allows banks to mitigate these threats in various ways, reducing the level of threat and potential losses," he explained.

The Trusteer CEO went on to say that tax credit and HMRC refunds dangle the `carrot’ of free cash at Internet users, and persuades them to lower their normal credulity guard.

Then, when they see a choice of bank sites from the `HMRC landing page’ they click on the link and immediately start entering their bank and other personal details.

The net result of this is not, he went on to say, a credit to the recipient’s bank account, but usually a fraudulent debit - or series of debits - that empty the account by cybercriminals.

Mick Paisley, Head of Information Security and Business Resilience for Santander, explained: "There is no end to the tricks fraudsters will use to try and pull the wool over the eyes of an unsuspecting public. The nature and timing of this phishing makes it hard for people to ignore the promise of money back from anyone, but the promise of money back from the Tax man is, to many people, far too good an opportunity to let pass."

"We have seen this type of timely attack before and unfortunately many people have been duped. We would urge all online banking customers to do all they can to protect themselves. First, be wary when clicking on a link in an email from an external source. Most importantly, Alliance & Leicester Internet banking customers should download and install the free Trusteer Rapport software, which protects users from sharing their banking details with these fraudsters, while also allowing us to take aggressive action to take down these criminal sites as quickly as possible. We will be extending the availability of Trusteer to all Santander customers shortly." he added.

According to Boodaei, when Internet users receive what appears to be a tax credit or similar HMRC cash giveaway - or any deal that looks very tempting - the first thing they should do is move away from the computer and make a cup of tea, coffee or another favourite beverage.

They should then sit down with their beverage, fire up a search engine and look for reports of a possible scam on the Net.

For example, he says, entering the words `HMRC tax refund email’ into Google returns a series of links, the first one of which (http://bit.ly/HolvY) says: "HM Revenue & Customs (HMRC) would not inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax.

Do not visit the website contained within the email or disclose any personal or payment information. HM Revenue & Customs (HMRC) would not inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax..."

Boodaei says “don’t get too excited if you get an email from HMRC saying you’re owed a tax rebate. These bogus emails are not from the HMRC - which would never inform you of a rebate via email - but from fraudsters trying to get their hands on your personal details."

The Trusteer CEO adds that the rate of HMRC phishing attacks stays fairly constant for most of the year, but that deadlines such as the end of July Tax Credits filing target tend to trigger a surge in HMRC-related phishing emails.

It’s important that Internet users realise that around one in three financial phishing attacks in the UK is targeting HMRC. To counter this, he recommends that users should avoid clicking on links within emails.

"We recommend that users type in the name of the institution whose Web site you are trying to access. In addition, before submitting login information check that the Web site uses HTTPS and a padlock appears in the Web browser to confirm a secure connection," he said.

"The major banks are using EV-Certificates which means the address bar should turn green and the name of the institution will appear on the bar. Banks employ highly professional security experts and are closely monitoring the problem. Their advice is the most likely to keep you away from fraud," he added.

For example screenshots of HMRC phishing sites see:

http://www.eskenzipr.com/files/hmrc1.jpg

http://www.eskenzipr.com/files/hmrc2.jpg