Claims about new tax bills from HM Revenue and Customs (HMRC) has led to a fresh campaign of spam emails that direct users to complete an online refund form.
Reports from the weekend claim that nearly six million people in the UK are to be told they have paid the wrong amount of tax, with bills demanding up to £5,000 in extra payments expected.
A report in the Guardian claimed that around 1.4 million people will be told they owe an average of £1,400 because of errors in HMRC calculations of the pay as you earn (PAYE) tax system over the past two years.
However another report said that more than ten million people may be in line for a tax rebate due to errors in the HMRC tax code system. This has led to scammers jumping on the payout bandwagon, according to GFI Software's senior threat researcher Chris Boyd.
He detected an email that asks the recipient to ‘please submit your tax refund', as following an upgrade of computer systems and review of records, the recipient has made an overpayment of tax and must complete the online application.
Boyd said that the website, which has since been taken offline but he expected more to appear, asks for a comprehensive chunk of information including full name, address, date of birth, phone number and mother's maiden name. It also pre-fills a ‘tax file number', which appeared here in a phishing email from 2009.
He said: “Additionally, it seems we can expect the usual deluge of spam mail with infectious attachments so be careful what you're opening – the UK tax office does not send out random emails asking for personal information such as the above.
“Tax refund scam mails have been popular for a long time, but in the current climate of ‘our tax office has screwed up in spectacular fashion' it seems phishers will be giving it some serious attention.”