Email phishing, despite being an old attack method, is still a very lucrative option for many cyber criminals. This time the focus is on HMRC, with many users targeted through an email phishing campaign intended to steal their logins and payment card details.
New HMRC Email Phishing Tricks Users For Tax Refunds
Researchers at Malwarebytes Labs have uncovered an old phishing trick being exploited in the wild once again. The attackers use HMRC-themed phishing emails to steal users' email login credentials and payment card data.
The attackers seemingly bait the users by offering tax refunds. To put some pressure on the recipients, they further provide deadlines in their emails for the users to claim said refunds. The emails claim to be from the UKGOV tax office. These emails offer a refund of GBP 542.94 to be sent directly into the customers’ accounts.
How Does It Work
Because the researchers at Malwarebytes Labs received such an email themselves, they were able to describe this HMRC phishing attack in detail. Reportedly, the scam begins by asking the recipient to click on a given link to the "gateway portal". Upon clicking the link, the user reaches a new page that looks like a Microsoft Outlook login. Here, the user is expected to enter their email address and password into the login form, at which point the attackers capture the email login credentials.
Afterwards, the user is taken to a fake HMRC portal that displays a form. A tricked user would unknowingly begin entering all the details as asked, thus falling prey to the attackers. The details requested at this stage include the user's name, contact address, contact number, date of birth, mother's maiden name (a common secret question for many accounts), and card details.
The reason phishing is still so successful is that most users tend to be trusting of the emails they receive. In this case, the attackers offer a tax refund, a routine matter that many people encounter every few years.
To stay protected from such attacks, make sure you double-check the sender's address before opening emails; additionally, avoid following links in the email and instead log in to the website directly.
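The checks just recommended (sender address versus claimed identity, where links really point, refund-plus-deadline pressure, requests for credentials and card data) can be automated as a simple triage filter. The script below is an added example, not code from Malwarebytes Labs or from the original post. It runs the checks over a constructed sample message modelled on the lure described above; the sender address and link host are placeholders on reserved example domains, not real indicators, and the `TRUSTED_SUFFIXES` allow-list (only `.gov.uk`) is an assumption you would tune for your own environment.

```python
"""Triage checks for an HMRC-style refund phishing email.
Added example, not from Malwarebytes Labs or the original article. The sample
message, sender address and link host below are constructed placeholders."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine UK government message would link to or be sent from.
# Assumption for this example; adjust the allow-list for your own environment.
TRUSTED_SUFFIXES = (".gov.uk",)
LURE_WORDS = ("refund", "tax", "deadline", "claim")
SENSITIVE_ASKS = ("password", "card number", "mother's maiden name", "date of birth")

# Constructed sample email modelled on the lure in the article. Domains are
# reserved example/test names and are not real indicators of compromise.
SAMPLE_EMAIL = """\
From: "HMRC Tax Office" <refunds@hmrc-refund.example>
To: victim@example.com
Subject: Tax refund of GBP 542.94 - claim before the deadline
Content-Type: text/html

<html><body>
<p>You are eligible for a tax refund of GBP 542.94.</p>
<p>Claim within 48 hours via the <a href="http://login.gateway-portal.example/outlook">gateway portal</a>.</p>
<p>Sign in with your email password, then confirm your card number, date of birth
and mother's maiden name.</p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_trusted_host(host):
    """True only for an allow-listed domain or a subdomain of it (leading dot
    prevents look-alikes such as 'fakegov.uk' from matching)."""
    host = host.lower()
    return any(host == s.lstrip(".") or host.endswith(s) for s in TRUSTED_SUFFIXES)


def analyse(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    # 1. Display name claims HMRC/government but the sending domain is not trusted.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if re.search(r"hmrc|gov", display, re.I) and not is_trusted_host(sender_domain):
        findings.append(
            f"sender display name '{display}' but domain '{sender_domain}' is not a gov.uk address")

    body = msg.get_payload()  # single-part message, so this is the HTML text
    text = re.sub(r"<[^>]+>", " ", body).lower()
    subject = msg.get("Subject", "").lower()

    # 2. Refund lure combined with a deadline (pressure to act quickly).
    lure = [w for w in LURE_WORDS if w in text or w in subject]
    if "refund" in lure and ("deadline" in lure or re.search(r"within \d+ hours", text)):
        findings.append("refund lure combined with a deadline (pressure to act)")

    # 3. Links whose real host is not on the allow-list, whatever the anchor text says.
    parser = LinkExtractor()
    parser.feed(body)
    for href, anchor in parser.links:
        host = urlparse(href).hostname or ""
        if not is_trusted_host(host):
            findings.append(f"link '{anchor}' points to untrusted host {host}")

    # 4. Requests for credentials, card or identity data in the body.
    asks = [a for a in SENSITIVE_ASKS if a in text]
    if asks:
        findings.append("asks for sensitive data: " + ", ".join(asks))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("-", finding)
```

Run against the constructed sample, `analyse` reports all four indicators from the article: a government-sounding display name on a non-gov.uk domain, the refund-plus-deadline pressure, a "gateway portal" link that resolves to an unrelated host, and a body asking for a password, card number, date of birth and mother's maiden name. A message from a gov.uk sender that links only to gov.uk and asks for nothing sensitive produces no findings.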