HMRC website targeted by phishing attacks

Consumers and businesses are being targeted by phishing emails pretending to be from HMRC, which are trying to get users to input confidential credit card details.

Potential victims would receive an email claiming to be from Her Majesty's Revenue and Custom (HMRC) and offering a link which pretends to be from the HMRC but is in fact hosted on a Chinese website.

This would be identical to the HMRC website, where you would be prompted to enter your full name, date of birth and so on. If you followed it through to the section where it asks you about giving you a tax refund, it will ask you for credit card details and when the process is finished send you to the real HMRC website.

"The only thing that would arise any suspicion would be actual address at the top of the website, which would clearly be from a Chinese domain," said Paul Wood, senior analyst for MessageLabs, who discovered the attack.

"If you are looking at the information, that should raise alarm bells straight away. There have been more sophisticated attacks with techniques to hide [the address] so it wouldn't be difficult to make this more convincing."

MessageLabs said the attacks took place over a three-day period starting from 30 June with 33,000 emails addressed to mainly UK recipients. Wood said that the attacks were very similar to US attacks at the beginning of the year spoofing which followed the same tax return pattern.

"The HMRC attacks had a remarkable resemblance to the attacks we had already seen targeting the US, so much so that the content of the message was identical."

Wood said the nature of the phishing suggested that criminals were using a kit which could screen scrape' the website so they had a landing page which they could use to conduct the phishing attack.

It also looked like they were using the same templates to write the emails they were using for the previous US attack. Wood said: "It means they are raising the bar when it came to phishing attacks.

"You don't have to be technically advanced to do this. You could take one of these toolkits and do it yourself by pressing the right buttons, which will do the job for you."

Pictures of the phishing attack are available here