HM Revenue & Customs 'Account Locked' Phishing Scam
OutlineEmail claiming to be from UK tax agency HM Revenue & Customs (HMRC), warns that your HMRC account has been locked and that you should click a link to complete a verification process.
© Depositphotos.com/ Wavebreakmedia
Brief AnalysisThe email is not from HMRC and the 'account locked' claim is false. The message is a phishing scam designed to trick you into giving your personal and financial information to cybercriminals.
HM Revenue & Customs
For security purposes, your online account has been locked.
To restore your account, please click: Sign in to my Hmrc Account and proceed with the verification process.
Email Claims HMRC Online Account Locked
The email instructs you to click a 'sign in' link to complete a verification process that will restore your account.
Email is a Phishing Scam
The message comes in the form of a graphic. The message includes what appears to be a clickable link in the text, but, in fact, clicking anywhere on the graphic will open a scam website.
When you click the message, you will be taken to a website that hosts a fake web form that asks for name and contact details and credit card information. The bogus form includes the HMRC logo as well as secondary links that point to the genuine HMRC website (see screenshot at end of article).
Rather bizarrely, while the email claims that your must verify your account for security reasons, the fake form supposedly allows you to claim a tax refund. It appears that the scammers have simply reused a fake form from a previous tax-refund phishing campaign.
If you fill in the requested details and click the 'Submit' button, you will be redirected to the real HMRC website.
Meanwhile, however, the information you submitted can be collected by the scammers and used to commit credit card fraud. By submitting your personal data, you may also become vulnerable to identity theft.
Tax Agency Phishing Scams Very Common
Be very cautious of any email or text message purporting to be from the tax agency in your country that claims that you can apply for a refund or verify your account by clicking a link or opening an attached file.
Tax agencies are very unlikely to send out generic, unsolicited emails to citizens that ask for personal and financial information.
Last updated: September 3, 2014
First published: September 3, 2014
By Brett M. Christensen
Phishing Scams - Anti-Phishing Information