HMRC Tax Refund Phishing Scam Running Out-Of-Season

Christopher Boyd of Malwarebytes Labs recently reported that a new e-mail scam campaign is making rounds trying to steal both payment data and email logins by from UK residents via fake HMRC (HM Revenue & Customs) tax refund emails.

As Boyd says in its analysis of the phishing incident, although UK's season is not here yet, the scammers introduce a sense of urgency by asking the target to request the refund of £542.94 by visiting HMRC's gateway customer portal via a link which expires the next day.

Furthermore, eventhough the crooks say in their fake tax refund e-mail that the HMRC will never request their financial info or e-mail password via such messages, they redirect their targets to a phony Outlook login page to steal their e-mail credentials and to a fake HMRC Refund Status page to exfiltrate their payment details.

No comments:

Post a Comment