Gov't Tax Error Leads to Widespread Phishing Scam

Dennis Faas's picture

One of the biggest tax errors in British history has led millions of people to pay the incorrect tax to the HMRC (Her Majesty's Revenue and Customs). Even worse: phishers have burst onto the scene looking to cash in on the mass confusion.

HMRC has since attempted to quash fears by promising that all those affected will have their issues rectified via standard mail and NOT by phone or email; however, considering the severity of the situation, many have taken to the Internet to conduct their own research. Once online, curious individuals become susceptible to opportunistic phishing scams.

Legitimate-Looking Phish Tactics

One email discovered by the security software company Sunbelt directed potential victims to a fake HMRC website, asking for personal data, including their full name, address, phone number and mother's maiden name. For an added look of legitimacy, the page also auto-filled a bogus file number.

Security firm Sophos intercepted similar messages, with most containing the subject line "You Have An HMRC Refund" along with an attached form that asks for credit card details (supposedly for reimbursement purposes).

Graham Cluley, senior technology consultant at Sophos, explained what would happen should an unfortunate individual attempt this 'refund' method. "If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server. You're not going to receive a windfall because of this form – you've just been phished!" (Source:

Timing Seen as 'Cruel Irony'

HMRC recently warned of an increase in tax scam phishing emails being reported to the government body. HMRC was even responsible for shutting down 180 websites that sent out fake tax rebate messages over a three-month period. In the wake of such positive strides, the timing of the current tax debacle seems like a bit of cruel irony. (Source:

While it is expected that the number of affected North Americans will be low (though the presence of these emails here will likely phish out a few curious individuals) the entire ordeal could serve as an invaluable learning experience for the U.S. and Canadian governments.

| Tags:
Rate this article: 
No votes yet