Proofpoint: Security, Compliance and the Cloud

Update Feb, 2010: This and similar scams, impersonating HMRC have continued into 2010. Rather than do a new blog post about this, I thought I would encourage you to read my original post, but also refer you to an excellent article at Yahoo that details the latest versions of this phishing attack. Please see:

Beware this Tax Rebate Scam by Donna Werner of LoveMoney.com

In the article, Werner explains, "Fraudsters are sending out thousands of tax refund 'phishing' emails following the 31 January tax deadline, according to HM Revenue & Customs. The email asks you to input your credit card or bank details into an online form, so that the rebate can be paid to you. But if you provide your details, your account will be emptied and your credit cards will be used to their limit, and you may also become a victim of identity fraud."

The article also includes a great deal of detail about how the latest versions of these emails look and how to identify them. Also, links to some good resources for reporting these frauds and additional tips on staying safe online in general.

--- Here's my original post on this HMRC tax refund phishing scam ---

The Guardian reports today that Britain's tax authority, HM Revenue & Customs, issued a warning about a rash of scam emails that use convincing (but fake) government email address that attempts to lure recipients into divulging their personal information to receive a tax refund.

Says the article:

An email which uses the address securemail@hmrc.gov.uk claims recipients are eligible to receive a tax refund, and invites them to complete an online form or click on a link to submit a tax refund request.

Guardian Money reader Deepali Schneider received an email using this address yesterday, saying she was entitled to a tax refund of £988.50. The email stated: "After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of 988.50 GBP. Please submit the tax refund request and allow us 2-3 days in order to process it."

It added: "A refund can be delayed [sic] a variety of reasons, for example submitting invalid records or applying after deadline."

Like most legitimate businesses and government organizations, the HMRC stresses that it would not inform citizens of a tax rebate via email, nor would it invite them to complete an online form to receive a tax rebate. These sorts of requests are almost always a sure-fire sign that an email you've received is a phishing attempt, rather than a legitimate email.

The HMRC provides a list of good suggestions for protecting yourself from phishing online, that echoes the "golden rules" that we regularly reiterate in this blog. Find the HMRC's page here:

http://www.hmrc.gov.uk/security/index.htm

And to reiterate Proofpoint's "Golden Rules" for staying safe online:

1. Be aware:View with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, government agencies, online services or legitimate online stores are unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer. Never send personal financial information such as credit card numbers and Social Security numbers via email.
2. Don’t click: If you receive a suspicious email, don’t click the links in the email and never open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.
3. Be secure:When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.
4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information.
5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during this time of financial turmoil and during the upcoming holiday season. If you see anything suspicious, contact the financial institution immediately.