United Kingdom Citizens Encounter Tax Refund Scam

United Kingdom Citizens Encounter Tax Refund Scam

Recently, it was discovered that various phishing emails and messages are attempting to break into the Brits. These emails are claiming to render a tax refund from the Queen’s Revenue and their Customs.

It is mentioned in the research which was published by Abnormal Security. It also describes the necessary details of the fraud incidents which happened during this period. The scammers are portraying themselves as the officials of the UK government in order to fool the taxpayers.

Structure of the malicious email

There several complaints which the officials have received in which they mentioned that users are receiving extremely convenient messages in their inbox. The messages stated that the receiver will get a tax refund from 2018.

Apart from that, the email also contains a link that redirects the user to a fake website that is designed by hackers. After that the user was asked to enter the relevant and personal information. If that person submits accurate information then it is evident that he/she has fallen into the trap.

The website page is designed and developed in such a way that it looks nice and authenticated. The website also contains similar graphics, style, font, and icons due to which it resembles the official HMRC website .

The statement passed by the Abnormal Security

The spokesperson of Abnormal Security stated that the URL which was attached in the emails is comprised of a link that takes the user to another website. This is the major reason due to which the hackers can easily steal personal and sensitive information from the user.

In addition to this, the cyber-criminals behind the scams have fixed a deadline that also claims the false date of tax refund and hence it forces the users to click on this link. The spokesperson further claims that at the time of refunding the tax is utterly sensitive.

The email was sent to the users on 16th April 2020 and the last date of tax refund was mentioned as 17th April. It is also mentioned in the email that if the user doesn’t follow they will lose the refund.

According to the researchers they have found a high level of information and details were included in the emails. The emails also have a fake landing page that was meant to increase the trust in the users.

According to the Abnormal researchers, the receivers are finding it very difficult to make out the difference between the real and the fake website. Besides, these pages are specially designed to take personal credentials and information from the user.

They further explained that the attacker made a convincing move. The subject of the email was appearing truthful including the subject, body and the payment reference.

Apart from this, the email’s body has got a legitimate value and date of the tax refund. The email also stated issuing, number, issuing date and transaction ID as well. Hence landing page was so similar that it was difficult to make out the original and fake tax claim page of government.

According to the various researches which have been conducted, the malicious mail was received by 20,000 users through the Office 365 platform. These kinds of emails are considered as a big threat to the nation and the people’s personal data.

The cyber experts have warned the people to not open any such email because it can even corrupt your system and retrieve all your useful information. In recent times the government has also decided to take strict action against cybercriminals.

The users should also keep a thorough check on their mailbox and reach out to the security support in case they face such kind of situation again.

Linda Campbell
Linda has been working on the topic of Internet security and data privacy for four years straight, turning the market and the industry inside-out with one purpose. To find how best we can protect our data when online, and what ways can quickly and easily help us broaden our content access. We can’t think of a person more fitted to review and guide people in the VPN world.