HM Revenue & Customs Tax Refund Phishing Scam
Email purporting to be from UK tax agency, HM Revenue & Customs claims that the recipient can submit a tax refund request by clicking a link in the message (Full commentary below
False - Message is an attempt to steal information
(Submitted, February 2007)
Subject: HM Revenue & Customs - Notification
Please Note: After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of £170
Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund,click here [Link Removed]
Some UK Residents have been receiving emails that claim to be from HM Revenue & Customs (HMRC). The emails, which have seemingly legitimate HMRC logos and formatting, claim that the recipient can apply for a tax refund by clicking an included link. However, the messages are not from HMRC and are in fact the first part of a typical phishing scam.
Clicking the link in the scam messages will open a bogus website that asks the user to provide bank account details. The fake site has been created to closely resemble the real HMRC website in order to fool victims into parting with their personal information. The site informs victims that they need to provide banking details so that the tax refund can be transferred directly into their account. However, there is
no refund. Any details entered into the bogus web form can be harvested by the criminals operating the scam and used for fraud and identity theft.
HMRC has published information
about this and other scams on its website.
A very similar tax refund scam was targeting Canadian residents
in December 2006 and January 2007. Other tax refund scam messages have been directed against US residents
and claimed to be from the Internal Revenue Service (IRS).
Any email that claims to be from a tax department and asks you to click a link and provide personal information should be treated with caution. No legitimate government tax office is likely to provide tax refund information via an unsolicited email, nor would they ask recipients to follow a link and provide financial information.
Scammers use a large array of ruses designed to trick recipients into surrendering personal information. If you receive an unsolicited email from a government department, bank or other institution that asks you to click an included hyperlink and provide sensitive personal information, then you should view the message with the utmost suspicion. If you have any doubts at all about the veracity of the email, contact the institution directly to check before clicking links in the message or supplying information.
For more details about how phishing scams work, see:
Phishing Scams - Anti-Phishing Information
Known spoofs and phishing attempts
Department of Finance Phishing Scam
IRS Refund Scam Email
Fraudsters target late returns
Last updated: 13th February 2007
First published: 13th February 2007
Write-up by Brett M.Christensen