Tax Year Over.. Phishing Begins

As the end of the US and UK tax years approach on April 15th and April 5th respectively, we have seen some HM Revenue and Customs (HMRC) phishing, but to date we haven’t seen the level of Internal Revenue Service (IRS) phishing activity we had anticipated. Most of the HMRC phish emails look very convincing and ask the recipient for the details of the credit card number you want your tax refund to be made to.

The image below is a recent example of a fake HMRC site we have seen being used in this scam:

There are several things we can all do to protect ourselves against phishing:

• Always be suspicious before logging into or entering any details into a website. You can check the address bar and links to make sure the correct domain is present, but beware links can be formatted to make them look like they are from the correct domain. The best thing to do is to type the address of the site you want to login to directly into the browser rather than clicking on links.
• Never give out credit card or bank account details in response to an email. As a general rule banks and other financial institutions do not send emails asking you to enter these details.
• Keep your anti-virus and anti-spam applications up-to-date. Use other tools like our free SiteAdvisor product that has built in defenses against phishing.

There is further information on other fraud attempts the HMRC are aware of on their website . The IRS also have phishing high on their dirty dozen tax scams and have recently issued a reminder about internet sites that resemble the official IRS site.