


with personal information and credentials the target

As the Self Assessment Tax Return deadline looms in the UK, PhishMe has warned that phishing messages purporting to be from HM Revenue and Customs (HMRC) are circulating. While the number of campaigns* circulating in 2015 decreased against previous years, the messages themselves still pose a threat due to their sophisticated and devious nature. One recent deviation is worth noting: instead of spreading malware, the scammers are trying to trick individuals directly into handing over their personal information.

The research team at PhishMe has seen a great number of these phishing emails in the last several years, according to threat analysts Ronnie Tokazowski, Heather McCalley and Brendan Griffin. Ronnie explains, “HMRC spoofed messages have been circulating for a number of years. With the deadline for self-assessment in the UK this weekend, the opportunity for scammers to spoof unsuspecting individuals under pressure to file their return before the cut-off point is a real possibility once again. In recent months we’ve seen two separate HMRC-inspired campaigns circulating that were both used to deliver a malware known as Pony – a password stealer; and a key-logger – that records what a person types on the keyboard. In 2015 there was a definite spike in HMRC messages during the first four months of the year and, while data is still being collected for 2016, we envisage that spammers will be looking to capitalise on the UK’s tax season once again.”

Once the deadline has passed, scammers often change tactics and try to lure users with messages about rebates, a theme PhishMe has already seen tried, according to Heather: “Last February, scammers adapted their messages with the promise of a refund as a result of overpaid tax. However, instead of secreting malware, the messages were a credential phish seeking to collect personal information under the guise of HMRC contact. The recipient’s encouraged to complete the return to claim the rebate; however, having completed the file and ‘submitting’ the form, all the details are delivered to the cyber-criminals via the Internet – and not HMRC. From this point, instead of receiving money, it’s likely that the criminals will use the collected data to use the person’s identity for illicit gain.”

Heather continues, “Of course, it isn’t just tax season when HMRC scams circulate. A few months back, in November, we saw a campaign circulating where the criminals had spent time creating a spoof HMRC website that was quite intricate and looked legitimate to the untrained eye. The underlying code of the page caused the information entered to be delivered once again to fraudsters.”

Brendan concludes, “Phishers are continuously looking for ways to spread malware and collect personal information that they can monetise. In fact, while a Visa or MasterCard is worth $4 on the black market, a person’s date of birth can be traded for as much as $11. If a criminal has the complete package – so National Insurance number, date of birth and credit card details – as the scams above tried to collect, that can fetch $30.”

If you receive a message and are unsure of its legitimacy, HMRC has advice for recognising phishing emails and a list of genuine HMRC digital and other contact it has issued here:

* A ‘campaign’ refers to each unique wave of an email and not the volume of messages circulating. In 2015, PhishMe identified 22 ‘campaigns’ compared with 38 in 2014 – a 40% decrease. Despite these small numbers, the values are still statistically significant.
