Focus on HMRC as Many Targeted Through an Email Phishing Campaign

Haythem Elmir
0 1
Read Time2 Minute, 2 Second

A new phishing attack discovered by Malwarebytes is said to be from under a new campaign, utilizing an old trick with an end goal to steal login credentials, payment details and other sensitive data from victims by claiming to offer them a tax refund which must be asserted online.

The mail claims to be from the UK government’s tax office, HMRC, informing the potential user victims that they’re due a tax refund of £542.94 « directly » onto their credit card. The attackers apparently snare the users by offering tax refunds. In order to pressure the users they additionally give due dates in their mails to claim said refunds.

The phishing email claiming to be from HMRC.

Apparently, the scam begins by requesting for the user to tap on an offered link to the « gateway portal » and thusly, they reach another page that seems like Microsoft Outlook. Here, the user will enter their email and password to the login portal. Starting here, the attackers access the email login credentials.

Thereafter, the client reaches a fake HMRC portal that displays a form. A deceived user would unknowingly handover their passwords and email, in this way falling a prey to the hackers. Further they enter more personal information such as, users’ name, contact address, contact number, date of birth, a typical secret question for most records and card details.

So to say, Tax scams have become a rather basic methods for cyber criminals endeavoring to blackmail data or cash from victims as when people get enticed by the possibility of receiving money, they frequently bring down their safeguards – even by low-level attacks like this phishing trick: HMRC states it will never offer a reimbursement or request personal data by means of an email.

Chris Boyd, lead malware intelligence analyst at Malwarebytes says,

“These attacks can afford to be crude, as the main pressure point is the temptation of an easy cash windfall tied to a tight deadline. Not knowing that HMRC don’t issue refund notifications in this manner would also contribute to people submitting details, »

In any case it is prescribed to remain shielded from such attacks, and ensuring that the user in every case double checks the sender’s address before opening emails, in this way abstaining from following direct links and signing in to a site specifically.

 

To read the original article http://www.ehackingnews.com/2018/09/focus-on-hmrc-as-many-targeted-through.html

 

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Laisser un commentaire

Next Post

Huge E-marketing Database that Contains 11 Million Sensitive Personal Records Exposed Online

Huge E-marketing Database that Contains 11 Million Sensitive Personal Records Exposed Online A huge customer database with 11 million records that containing personal details such as email, full name, gender and physical address exposed online. The data to be available from the unprotected MongoDB instance and it is open for […]