Here’s something I haven’t seen before. It starts with an email:
From: HM Revenue & Customs [mailto:refund.reque[email protected]]
Sent: 05 September 2012 14:27
Subject: Tax Refund Alert – Action Required
How to complain, ask for a review or make an appeal
Review process update
Review process – the first 12 months. Find out more
Claim Your Tax Refund Online
We identified an error in the calculation of your tax from the last payment, amounting to £ 859.00. In order for us to return the excess payment, we need to confirm a few extra details after which the funds will be credited to your specified bank account. Please click “Refund Me Now” below to claim your refund:
Refund Me Now
We are here to ensure the correct tax is paid at the right time, whether this relates to payment of taxes received by the department or entitlement to benefits paid.
HM Revenue & Customs Refund Department
• See also
• Appeal and review news
• Working and paying tax
• Find a form
• Complaints factsheet C/FS (PDF 67K)
HM Revenue and Customs are the UK tax collecting agency, so this email is basically offering a tax refund. The link goes to a somewhat authentic-looking page.
The phishing site in this case is in Korea (durideco.co.kr). The interesting part is the drop-down menu in the middle that the victim is meant to use to select their bank. There are 17 different UK banks to choose from. Each one leads to an individual phishing page for each bank, for example:
This is quite a clever approach. Normally a phishing email is a “one bank per phish” affair: it’s no use sending someone a Barclays phish if they’re with HSBC. In this case pretty much all the major UK banks are covered in one email, which is really quite sneaky.
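A defender-side heuristic for the landing page described above, as an added example that is not part of the original post: it flags a page on an untrusted host whose single drop-down offers several bank brands. The brand list beyond Barclays and HSBC, the threshold, the trusted-host allow-list and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand list; the post itself names only Barclays and HSBC.
BANK_BRANDS = ["barclays", "hsbc", "lloyds", "natwest", "santander", "nationwide"]

# Constructed sample of a "select your bank" form (not the real page's markup).
SAMPLE_PAGE = """<form action="next.php"><select name="bank">
<option value="">Select your bank</option>
<option value="barclays.php">Barclays</option>
<option value="hsbc.php">HSBC</option>
<option value="lloyds.php">Lloyds TSB</option>
</select></form>"""

class SelectOptionParser(HTMLParser):
    """Collect value plus visible text of every <option>, grouped by <select>."""
    def __init__(self):
        super().__init__()
        self.selects = []          # one list of option strings per <select>
        self._in_option = False

    def handle_starttag(self, tag, attrs):
        if tag == "select":
            self.selects.append([])
        elif tag == "option" and self.selects:
            self._in_option = True
            self.selects[-1].append(dict(attrs).get("value") or "")

    def handle_endtag(self, tag):
        if tag in ("option", "select"):
            self._in_option = False

    def handle_data(self, data):
        if self._in_option:
            self.selects[-1][-1] += " " + data

def brands_in_select(html):
    """Return the largest set of distinct bank brands offered by one drop-down."""
    parser = SelectOptionParser()
    parser.feed(html)
    per_select = [{b for b in BANK_BRANDS if any(b in o.lower() for o in options)}
                  for options in parser.selects]
    return max(per_select, key=len, default=set())

def is_multi_bank_lure(url, html, trusted_hosts, threshold=3):
    """True when an untrusted host serves a drop-down naming >= threshold banks."""
    host = (urlparse(url).hostname or "").lower()
    if any(host == t or host.endswith("." + t) for t in trusted_hosts):
        return False  # e.g. a known payment or comparison site listing banks
    return len(brands_in_select(html)) >= threshold
```

Legitimate payment and account-switching pages also list many banks, so the allow-list matters; treat a hit as a signal for analyst review rather than a verdict.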