A new UK focused spam run is hitting spam traps and inboxes this morning. In what has become standard phishing style and very similar to the Australian tax spam last month, this time it is the British who qualify for a “tax refund”.
The original spam mail (below) purports to come from Her Majesty’s Revenue & Customs, and promises the recipient a tax refund. It comes complete with the correct address of the Tax Credit Office in Preston, UK and a working telephone number for the tax credit helpline.
If the recipient is taken in by the email, an opens the suspiciously named (payment_form.pdf.html) attachment, they will be asked to surrender all the information necessary for credit card fraud, up to and including mother’s maiden name and CVV code (the numeric code printed on the back of the credit card).
The web form is based on an American template, which can be seen from the telephone number format, indeed a quick squint at the html code reveals that it is using style sheets imported from www.irs.gov. However the original email was created using Windows charset 1251, which is the character encoding designed to cover the Cyrillic alphabet, I’ll leave you to draw your own conclusions about the origin of the message.
At the time of writing, there is no server responding at this malicious destination. We have informed HMRC of this fraudulent email, for further information from HMRC, please see http://www.hmrc.gov.uk/security/spoofs.htm
Thanks to Rishi for sending me the original sample mail.