Phishing Campaign Targets HMRC To Steal Login And Payment Data


Phishing is the fraudulent attempt to acquire sensitive information such as usernames, passwords and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in electronic communication.

Email phishing is a traditional hacking method, but it is still a very lucrative option for many cyber criminals. This time, HMRC's name is being used in an email phishing campaign that aims to steal users' logins and payment card details.

New HMRC Email Phishing Tricks Users for Tax Refunds

Research by Malwarebytes Labs has exposed an old phishing trick being exploited in the wild once again. The attackers use emails that pose as HMRC to steal users' email sign-in details and payment data.

The attackers lure users by offering tax refunds. To put pressure on the recipients, they set deadlines in their emails for claiming the refund. The emails claim to be sent from the UKGOV tax office and offer a refund of GBP 542.94, supposedly to be paid directly into the customer's account.

How Does It Work

Researchers at Malwarebytes Labs, who received one of these emails, explained this HMRC phishing attack in detail. Reportedly, the scam begins by asking the recipient to click on a link to the “gateway portal.” Clicking the link leads to a page that looks like Microsoft Outlook, where the user is expected to enter their email address and password. At that point, the attackers have the user's email login credentials.

After that, the user reaches a fake HMRC portal that displays a form. A tricked user would unknowingly begin entering all the details asked for, thus falling prey to the attackers. The details requested at this stage include the user's name, contact address, contact number, date of birth, mother's maiden name (a common secret question for most accounts), and card details.

Phishing is so successful because most users tend to be more trusting when receiving emails. Here the attackers use a tax refund as the pretext, a routine matter one would come across every few years.

To stay secure from such attacks, double-check the sender's address before opening emails. Additionally, avoid following links in an email; go to the website directly and log in there.
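
The same checks can be applied automatically when triaging reported mail. The following is an added example, not code from Malwarebytes Labs or from this article: it flags the indicators described above (tax office branding from an outside sender, a refund lure, deadline pressure, links to other hosts). It assumes genuine HMRC senders and links sit under gov.uk, and the sample message and its `.example` domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_SUFFIX = "gov.uk"  # assumption: genuine HMRC mail and links live under gov.uk
BRAND = re.compile(r"\b(hmrc|hm revenue|gov\.?uk|tax office)\b", re.I)
LURE = re.compile(r"\b(tax refund|refund of|claim your)\b", re.I)
PRESSURE = re.compile(r"\b(deadline|expires?|within \d+ (?:hours|days))\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def under_trusted(host):
    """True only for gov.uk itself or a real subdomain, never a substring match."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def triage(raw):
    """Return the list of phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    text = f"{msg.get('Subject', '')}\n{body}"
    findings = []
    # Mail that names the tax office but comes from a domain outside gov.uk.
    if BRAND.search(f"{display}\n{text}") and not under_trusted(addr.rpartition("@")[2]):
        findings.append("brand-sender-mismatch")
    if LURE.search(text):
        findings.append("refund-lure")
    if PRESSURE.search(text):
        findings.append("deadline-pressure")
    # Any link whose host is not under the trusted suffix, lookalikes included.
    if any(not under_trusted(urlparse(u).hostname) for u in URL.findall(body)):
        findings.append("untrusted-link")
    return findings

# Constructed sample modelled on the lure described in the article.
PHISH = """\
From: "HMRC Tax Office" <refunds@tax-notice.example>
Subject: Tax refund of GBP 542.94 pending

You are eligible for a tax refund of GBP 542.94.
Claim before the deadline via the gateway portal:
http://hmrc.gov.uk.gateway-portal.example/login
"""

if __name__ == "__main__":
    print(triage(PHISH))
```

The From header is easily forged, so a gov.uk sender address alone does not prove a message is genuine; combine these checks with the receiving server's SPF, DKIM and DMARC results.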

