New HMRC Phishing Scam

I’ve just gotten a new email from a very suspicious-looking email address claiming they were HMRC and that I’m entitled to a refund.

Email address: “Gateway HMRC” <4YFW1AHTNGVH-KRBZC2H46EQF9-vWwByutFvbxt-HilwPbUkynMNX@twyford.ealing.sch.uk>

Email Subject: DO NOT REPLY | ‘Payment receipt return’ | ‘Review your automatic payment’ | ‘Item No.31468060423885’ gukm3038 8/22/2018

Email content:

{Dear} [MyEmail],

                ------------------------------------------------------------------------------------------------------------------------------
THIS IS AN AUTOMATED EMAIL - PLEASE DO NOT REPLY
AS EMAILS RECEIVED AT THIS ADDRESS CANNOT
BE RESPONDED TO.
                ------------------------------------------------------------------------------------------------------------------------------
You are eligible to receive a refund of up to 356.24 GBP.
                
Here's your HMRC Payment Reference : 6FCB09E60C02F2E2A25EFF3C - (Please retain for your records)
                ------------------------------------------------------------------------------------------------------------------------------
Please note: your payment will be processed after you complete your request.
                
To complete your request login to Customer Portal from HMRC Gateway and follow the instructions on your screen.
                
Customer Portal - http://payment.gateway-revenue.ids0679695.nevozec.com
                
Customer number: 1070717493 01
Payment amount: GBP 356.24
Date: 22 August 2018 07:47
Return payment method: Online by Debit/Credit Card
                
Note : A refund can be delayed a variety of reasons, for example 
submitting invalid records or applying after deadline.
                
HM Gateway computer systems will be monitored and communications 
carried on them recorded, to secure the effective operation of the 
system and for lawful purposes.
                
The Commissioners for HM Revenue and Customs are not liable for any 
personal views of the sender.
                
This e-mail may have been intercepted and its information altered.

What are the dead give-aways of a phishing email?

  • The sender’s email address does not belong to HMRC
  • The HMRC header image is missing
  • The email was sent as plain text (HMRC normally sends HTML email)
  • The amount seems pretty random 🙂
  • The customer portal URL is not on the www.gov.uk domain and it’s not HTTPS
  • The HMRC footer signature is missing from the email
  • The sentence “The Commissioners for HM Revenue and Customs are not liable for any personal views of the sender.” – meaning that the sender is not in any relationship with HMRC and HMRC cannot be held responsible if you get defrauded
  • “This e-mail may have been intercepted and its information altered.” – Really? Really?
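
The sender, format and link checks from the list above can be automated for mail triage. This is an added example, not part of the original post; it assumes genuine HMRC mail and links sit under gov.uk, and the sample message is constructed from the headers and link quoted in this post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: genuine HMRC senders and links are under gov.uk.
TRUSTED_SUFFIX = "gov.uk"

# Constructed sample, built from the sender and link quoted in this post.
SAMPLE = """\
From: "Gateway HMRC" <4YFW1AHTNGVH-KRBZC2H46EQF9-vWwByutFvbxt-HilwPbUkynMNX@twyford.ealing.sch.uk>
Subject: DO NOT REPLY | 'Payment receipt return'
Content-Type: text/plain; charset="utf-8"

You are eligible to receive a refund of up to 356.24 GBP.
Customer Portal - http://payment.gateway-revenue.ids0679695.nevozec.com
"""

def under_trusted(host):
    """True only for gov.uk itself or a real subdomain (label boundary match)."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)

def triage(raw):
    """Return the give-aways found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not under_trusted(sender_domain):
        findings.append(f"sender domain not under {TRUSTED_SUFFIX}: {sender_domain}")
    parts = list(msg.walk())
    if not any(p.get_content_type() == "text/html" for p in parts):
        findings.append("no HTML part (plain text only)")
    texts = [p for p in parts if p.get_content_maintype() == "text"]
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in texts)
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        u = urlsplit(url)
        if u.scheme != "https":
            findings.append(f"link is not HTTPS: {url}")
        if not under_trusted(u.hostname):
            findings.append(f"link host not under {TRUSTED_SUFFIX}: {u.hostname}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

The suffix check compares whole DNS labels, so a host that merely contains or ends with the string "gov.uk" without the dot boundary is still flagged.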

For more information about phishing, check out the HMRC website, and forward any suspicious emails that you might get to phishing@hmrc.gsi.gov.uk.

Avoid and report internet scams and phishing
