After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of 988.50 GBP. Please submit the tax refund request and allow us 2-3 days in order to process it.
Click Here to submit your tax refund request
Note : A refund can be delayed a variety of reasons, for example submitting invalid records or applying after deadline.
Best Regards
HM Revenue & Customs
The so-called "Tax Refund Portal" looks like this:
Each of the icons takes the visitor to a very professional looking phishing site to have the credentials for that bank stolen. The banks currently making up the pool including:
Barclays
Lloyds TSB
Halifax
Abbey
HSBC
Cahoot
Royal Bank of Scotland
Egg Bank
NatWest
Alliance & Leicester
In most cases the URL advertised in the phishing email actually is a forwarder to another location. For instance, the most recent phish from today forwarded to this site to show the actual content:
hxxp://daegups.com/bbs/data/bbs2/folder/folder/New Folder/United2/Folder/Folder/Folder/Folder/Folder/Folder/Folder/empty/empty/empty/United2/United/United/United/index.htm
We had previously seen seventeen such phishing sites, in July and August of 2009, but the front has been quiet until March 1st. A quick peek into the UAB PhishURLs database shows that we're seeing an escalated number of these sites being created.
2010-03-01 | http://www.tvlinko.com/refundportal.htm
2010-03-02 | http://www.tvlinko.com/hmrc/refundportal.htm
2010-03-03 | http://romeningh.dz/img/glyph/hmrc/refundportal.htm
2010-03-03 | http://www.michaelmucklow.com/wp-content/hmrc/refundportal.htm
2010-03-04 | http://www.urbanecology.org/szjtd/hmrc/hmrc/refundportal.htm
2010-03-04 | http://kaptan-electricite.dz/images/me/hmrc/hmrc/refundportal.htm
2010-03-04 | http://kaptan-electricite.dz/images/ms/hmrc/hmrc/refundportal.htm
2010-03-04 | http://www.ardeola.org/lib/hmrc/refundportal.htm
2010-03-04 | http://kaptan-electricite.dz/images/hmrc/hmrc/refundportal.htm
2010-03-04 | http://kaptan-electricite.dz/images/all/hmrc/hmrc/refundportal.htm
2010-03-05 | http://www.bloomingdaledc.org/joomla/cache/hmrc/refundportal.htm
2010-03-05 | http://www.demo.wecandesign.com.tw/gojahn/images/file/hmrc/hmrc/refundportal.htm
2010-03-05 | http://www.demo.wecandesign.com.tw/gojahn/images/image/hmrc/hmrc/refundportal.htm
2010-03-05 | http://www.demo.wecandesign.com.tw/gojahn/upimg/pro/hmrc/hmrc/refundportal.htm
2010-03-05 | http://www.demo.wecandesign.com.tw/gojahn/upimg/hmrc/hmrc/refundportal.htm
2010-03-06 | http://www.planet-promo.de/roxx/cache/hmrc/hmrc/refundportal.htm
2010-03-06 | http://mojwlasnydom.com/gallery/hmrc/hmrc/refundportal.htm
2010-03-06 | http://www.peterkinitsolutions.com/demos/lingerie/images/hmrc/hmrc/refundportal.htm
2010-03-06 | http://www.peterkinitsolutions.com/demos/Jewellery/images/hmrc/hmrc/refundportal.htm
2010-03-06 | http://planet-promo.de/cache/hmrc/hmrc/refundportal.htm
2010-03-06 | http://planet-promo.de/roxx/logs/hmrc/hmrc/refundportal.htm
2010-03-06 | http://www.examsheets.net/images/hmrc/hmrc/refundportal.htm
2010-03-07 | http://bogatypolak.com/hmrc/hmrc/refundportal.htm
2010-03-07 | http://www.cz.etechsol.pk/cp/hmrc/hmrc/refundportal.htm
2010-03-07 | http://mojwlasnydom.com/uk/hmrc/hmrc/refundportal.htm
2010-03-07 | http://artemoda.uol.com.br/fotos/hmrc/hmrc/refundportal.htm
2010-03-07 | http://bogatypolak.com/uk/hmrc/hmrc/refundportal.htm
2010-03-07 | http://www.ingatlanok.erdelyitelkek.ro/re_images/UK/hmrc/hmrc/refundportal.htm
2010-03-07 | http://mojwlasnydom.com/images/hmrc/hmrc/refundportal.htm
2010-03-07 | http://artemoda.uol.com.br/downloads/hmrc/hmrc/refundportal.htm
2010-03-07 | http://mojwlasnydom.com/libs/hmrc/hmrc/refundportal.htm
2010-03-08 | http://www.ingatlanok.erdelyitelkek.ro/re_images/UK/hmrc/refundportal.htm
2010-03-08 | http://www.cotogarden.com/templates/hmrc/refundportal.htm
2010-03-08 | http://www.cotogarden.com/myimages/hmrc/refundportal.htm
2010-03-08 | http://www.cotogarden.com/hmrc/refundportal.htm
2010-03-09 | http://www.cotogarden.com/_private/hmrc/refundportal.htm
2010-03-09 | http://www.cotogarden.com/images/hmrc/refundportal.htm
2010-03-09 | http://www.cotogarden.com/_vti_bin/hmrc/refundportal.htm
2010-03-09 | http://www.cotogarden.com/banners/hmrc/refundportal.htm
2010-03-10 | http://www.restoretherepublic.com/images/hmrc/refundportal.htm
2010-03-10 | http://www.eab-gmbh.de/images/hmrc/refundportal.htm
2010-03-10 | http://www.eab-gmbh.de/cgi-bin/hmrc/refundportal.htm
The UAB Spam Data Mine had samples in our March 6th spam at 12:30 AM, 1:30 AM, 4:30 AM and 5:45 AM spam collections for "planet-promo.de/roxx/logs/hmrc/hmrc/refundportal.htm". After that site was terminated, the bad guys relaunched in our 12:15 PM spam collection with "www.examsheets.net/images/hmrc/hmrc/refundportal.htm". As you can see, many others have followed.
We'll continue to watch for emerging patterns like this one, and share with you what we find. For now, be wary of this "Tax Refund Portal"!
0 comments:
Post a Comment