New Phishing Attack Uses An Old Trick

Uploaded on 2018-09-26 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A new phishing campaign is using an old trick in an effort to steal login credentials, payment details and other sensitive information from victims by claiming to offer them a tax refund which can only be claimed online. The message claims to be the UK government's tax office, HMRC, and tells potential victims that they're due a tax refund of £542.94 "directly" onto their credit card.

In an attempt to pressure targets into falling for the scheme, they're told that the link to the "customer" portal" expires on the day the message is received, the hope is that this will panic victims into thinking they'll miss out on a sizeable cash payment.

The phishing scam was uncovered by Malwarebytes.

The isn't exactly sophisticated, not only is the subject line extremely poorly formatted and sent from an email address which has nothing to do with government, the attackers have put little effort into the fake HMRC website used to scoop up credentials.

Before reaching this site, those who click through to the 'portal' are first faced with a fake Outlook login page which asks victims for their username and password in what's purely an attempt to steal credentials. After victim’s hands over their email and password, they're taken to a fake 'refund' website which only contains boxes for entering information. Victims are asked to enter their full name, address, phone number, date of birth, mother's maiden name and full credit card details, including the security code.

Essentially, the attackers are harvesting all the data required for not just stealing bank details, but login credentials which could be used to access other accounts, as well as vast amounts of personal information which could easily be exploited for identity theft and fraud, or sold onto others on underground forums.

Tax scams are a common means of cyber criminals attempting to extort information or money from victims: HMRC states it will never offer a repayment or ask for personal information via email.

However, when people get tempted by the prospect of receiving a payment, they can often lower their defences, even by low-level attacks like this phishing scam. "These attacks can afford to be crude, as the main pressure point is the temptation of an easy cash windfall tied to a tight deadline. Not knowing that HMRC don't issue refund notifications in this manner would also contribute to people submitting details," Chris Boyd, lead malware intelligence analyst at Malwarebytes told ZDNet.

While this phishing attack might seem basic, attackers wouldn't put time into distributing emails if it didn't work. Phishing remains an effective means of conducting cyber-attacks at a number of levels, ranging from low-level scams like this, to high-level hacking and espionage campaigns by nation-state level attackers.

Indeed, a recent report by the US Department of Justice concluded that some of the biggest cyber-attacks in recent years, including the North Korean attacks against Sony and the Swift banking network began with a simple phishing email. 

ZDNet:               Image: Nick Youngson

You Might Also Read:

Phishing Tools Used To Attack The Power Grid:

‘Important Information About Your Credit Card’:

 

 

« Insurance Experts Expect Higher Cyber Losses
Smartphones Are Working For Dutch Police »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

Telspace Africa

Telspace Africa

Telspace Africa provide the highest level of IT security solutions including advisory, penetration testing, vulnerability assessments, red teaming, social engineering and training.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

Teleskope

Teleskope

Teleskope are on a mission to empower businesses to protect sensitive data by default.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.

Aspiron Search

Aspiron Search

Aspiron Search is a niche-focused Cybersecurity search firm that works exclusively with venture-backed Cybersecurity firms.

International Maritime Cyber Security Organisation (IMCSO)

International Maritime Cyber Security Organisation (IMCSO)

The IMCSO mission is to be the standard in the maritime cyber security industry, a collective voice, working towards alignment and standardisation.