Appriver Detects HMRC Phishing E-Mail

Latest news
Facebook Targeted with Valentine Attack Results in Malware FBI Likely Deployed Spyware for Surveillance on MegaUpload Cidrex Trojan Opens E-mail ids in ‘Yahoo,’ Uses CAPTCHA to secure them E-mail Supposedly Inviting to Conference, Serves Trojan Collaborated Effort towards Evading Spam

Support our Sponsors

uClip Clipping Path Service

Main Menu

Resources

Login
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Syndicate

Popular
Amazon Accountholders get Fresh Phishing E-mail Enterprises Facilitated through Malware Circulation in Government Cyber-criminals Execute e-Payment Malware Assault Eleven Survey Rated Spam the Biggest E-mail Security Threat in Ten Years Websites Diverting End-users onto ‘Blackhole’ Increasing Within Russia: ESET

Trampolines usa

Appriver Detects HMRC Phishing E-Mail

Written by Administrator

Monday, 09 August 2010 09:00

According to Security Company AppRiver, a newly launched phishing scam is dispatching e-mails supposedly from HMRC notifying of a tax refund.

Addressing the recipient i.e., the person paying taxes, the phishing message informs him that a tax re-imbursement of 3,997.32 GBP has been computed in his favor. Also, it informs that to process the tax refund, the Internet banking details of the recipient are required. Hence, he must answer back in 72 hours from the time of getting the e-mail. Moreover, the electronic message warns that in case of failure to provide the necessary information, HMRC will not initiate the tax refund amount that he's liable to get.

Subsequently, the e-mail asks the recipient to follow a given web-link. But on clicking it, the user is first led onto a preliminary landing page and from there he's instantly diverted onto the main phishing site which's an illegitimate copy of the HMRC's original website.

This phishing site exhibits 10 financial service firms' logos. These firms are Lloyds, Barclays, HSBC, Abbey, Halifax, RBS, TSB, NatWest and Alliance Leicester, egg and cahoot. The site directs the user to double-click on the logo which indicates his bank. But the logos are connected with phishing pages that are actually fake copies of the analogous financial service firms' Internet banking systems.

Note investigators at AppRiver that these web-pages appear trustworthy because their creators have lifted the images on them from the original websites of the institutions. Consequently, when users enter their passwords and other log-in credentials into the pages, the details end up into the hands of cyber-fraudsters instead of the bank. Softpedia.com reported this on July 28, 2010.

Highlight the researchers that it's not common to have a phishing scam that takes aim at so many financial institutions simultaneously and therefore requires greater effort for establishing the campaign compared to what typical phishers invest. This is as well why the scammers have utilized redirect codes prior to landing consumers on the ultimate spoofed website.

Thus the researchers advise recipients of the e-mail to avoid the web-link inside the uninvited message so as to remain protected from the scam.

Read full article...