A new phishing scam that masquerades as a tax rebate application has been detected by HM Revenue & Customs (HMRC).
It claimed that it would not inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax, and encouraged recipients to not visit the website contained within the email or disclose any personal or payment information.
A similar scam was reported in January 2009, and HMRC chief executive Lesley Strathie then claimed that it was the most 'sophisticated and prolific phishing scam that it had encountered. Strathie said: “I would strongly encourage anyone receiving such an email to send it to us for investigation.”
Emails that the messages are being sent from are specifically tailored to appear to come from HMRC, and include firstname.lastname@example.org, email@example.com and firstname.lastname@example.org. HMRC firmly stated that it ‘does not send out emails using these email addresses'.
Proofpoint offered five ‘golden rules' for staying safe online, including viewing any email with requests for personal IDs, financial information, user names or passwords with suspicion as your bank, government agencies, online services or legitimate online stores are unlikely to ask you for this type of information via email. It also advised to never send personal financial information such as credit card numbers and Social Security numbers via email.
Another rule is not to click on links in a suspicious email. When shopping online, entering important information such as credit card numbers, or updating personal information, make sure you are using a secure website by looking for https and the green address bar and padlock icon.
Proofpoint advised to never fill out forms within an email, especially those asking for personal information, and instead, visit the company's actual website and ensure that the page you are using is secure before entering sensitive information. Finally it recommended keeping an eye on your accounts and checking the accuracy of your credit card and bank statements on a regular basis.