Phishing is an old hacking trick, but it is still very lucrative and works wonders when it succeeds. This time around the focus is on HMRC, with many users targeted through an email phishing campaign intended to steal their logins and payment card details. The recipient is pressured into believing that the email has come from a genuine source looking to verify some information, and ends up giving away crucial personal details.
The premise
This time around, the email claims to come from the UK government’s tax office, HMRC, and tells potential victims that they’re due a tax refund of £542.94 “directly” onto their credit card. The attackers use these HMRC phishing emails to pilfer users’ email login details and payment data. To pressure targets into falling for the scheme, the email sets a deadline for claiming the refund: the link to the “customer portal” supposedly expires on the day the message is received, which panics victims into thinking they’ll miss out on a sizeable cash payment. The phishing scam was uncovered by Malwarebytes.
The execution
The scam begins by asking the recipient to click on a link to the “gateway portal”. The link leads to a page made to look like Microsoft Outlook, where the user is expected to enter their email address and password. At this point, the attackers gain access to the email login credentials.
Afterward, the user reaches a fake HMRC portal that displays a form. A tricked user would unknowingly enter all the details asked for, thus falling prey to the hackers. The details requested at this stage include the user’s name, contact address, contact number, date of birth, mother’s maiden name (a common secret question for most accounts), and card details.
Phishing is still so successful because most users tend to be trusting when they receive emails. In this case, the attackers offer a tax refund, a typical matter one comes across every few years.
To stay protected from such attacks, double-check the sender’s address before opening emails. Additionally, avoid following links in emails; go to the website and log in directly instead.
The safety measure
For organizations, implementing the DMARC protocol would certainly help in such a scenario. It not only helps identify the sender of the mail but also gives the receiver assurance that the origin is genuine. Most such attacks also succeed because of the simplicity and timing of the emails.
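The check a receiving mail server makes under DMARC, as an added Python example that is not part of the original article: the domain names and the policy record are constructed, and the organizational-domain rule is simplified to the last two labels. It also shows a limit of the protection: a lookalike domain that publishes no record gets no DMARC verdict at all.

```python
# Added example: simplified DMARC evaluation on constructed data.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"  # constructed policy for tax-office.example

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(domain):
    # Assumption: last two labels. Real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    if mode == "s":
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def evaluate(record, from_dom, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) pairs from the receiver's checks."""
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "no-policy"  # nothing published for this From: domain
    spf_ok = spf[0] and aligned(from_dom, spf[1], policy.get("aspf", "r"))
    dkim_ok = dkim[0] and aligned(from_dom, dkim[1], policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return policy.get("p", "none")  # disposition the domain owner asks for

def demo():
    return {
        # Genuine mail: SPF passes for a subdomain, relaxed alignment holds.
        "genuine": evaluate(RECORD, "tax-office.example",
                            (True, "bounce.tax-office.example"), (False, "")),
        # Spoofed From:, authenticated only as the sender's own domain.
        "spoofed": evaluate(RECORD, "tax-office.example",
                            (True, "bulk-mailer.example"), (True, "bulk-mailer.example")),
        # Lookalike domain with no record: DMARC gives no verdict here.
        "lookalike": evaluate(None, "tax-office-refunds.example",
                              (True, "tax-office-refunds.example"), (False, "")),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```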