New Phishing Attack Uses An Old Trick

Please log in to browse. Login now
Uploaded on 2018-09-26 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A new phishing campaign is using an old trick in an effort to steal login credentials, payment details and other sensitive information from victims by claiming to offer them a tax refund which can only be claimed online. The message claims to be the UK government's tax office, HMRC, and tells potential victims that they're due a tax refund of £542.94 "directly" onto their credit card.

In an attempt to pressure targets into falling for the scheme, they're told that the link to the "customer" portal" expires on the day the message is received, the hope is that this will panic victims into thinking they'll miss out on a sizeable cash payment.

The phishing scam was uncovered by Malwarebytes.

The isn't exactly sophisticated, not only is the subject line extremely poorly formatted and sent from an email address which has nothing to do with government, the attackers have put little effort into the fake HMRC website used to scoop up credentials.

Before reaching this site, those who click through to the 'portal' are first faced with a fake Outlook login page which asks victims for their username and password in what's purely an attempt to steal credentials. After victim’s hands over their email and password, they're taken to a fake 'refund' website which only contains boxes for entering information. Victims are asked to enter their full name, address, phone number, date of birth, mother's maiden name and full credit card details, including the security code.

Essentially, the attackers are harvesting all the data required for not just stealing bank details, but login credentials which could be used to access other accounts, as well as vast amounts of personal information which could easily be exploited for identity theft and fraud, or sold onto others on underground forums.

Tax scams are a common means of cyber criminals attempting to extort information or money from victims: HMRC states it will never offer a repayment or ask for personal information via email.

However, when people get tempted by the prospect of receiving a payment, they can often lower their defences, even by low-level attacks like this phishing scam. "These attacks can afford to be crude, as the main pressure point is the temptation of an easy cash windfall tied to a tight deadline. Not knowing that HMRC don't issue refund notifications in this manner would also contribute to people submitting details," Chris Boyd, lead malware intelligence analyst at Malwarebytes told ZDNet.

While this phishing attack might seem basic, attackers wouldn't put time into distributing emails if it didn't work. Phishing remains an effective means of conducting cyber-attacks at a number of levels, ranging from low-level scams like this, to high-level hacking and espionage campaigns by nation-state level attackers.

Indeed, a recent report by the US Department of Justice concluded that some of the biggest cyber-attacks in recent years, including the North Korean attacks against Sony and the Swift banking network began with a simple phishing email. 

ZDNet:               Image: Nick Youngson

You Might Also Read:

Phishing Tools Used To Attack The Power Grid:

‘Important Information About Your Credit Card’:

 

 

« Insurance Experts Expect Higher Cyber Losses
Smartphones Are Working For Dutch Police »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

ODVA

ODVA

ODVA is a global trade and standards development organization whose members comprise the world’s leading industrial automation companies.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

SBD Automotive

SBD Automotive

SBD Automotive are specialists in automotive technology providing independent research and consultancy to help create smarter, more secure, better connected, and increasingly autonomous cars.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Opticks Security

Opticks Security

Opticks provides fraud detection and monitoring solutions for leading brands. agencies and networks. Our relentless mission is to deliver reliable and innovative software to beat digital fraud.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

Guernsey

Guernsey

Guernsey provides a wide range of engineering, architecture and consulting services to multiple markets, including cybersecurity consulting and CMMC certification.

Wib

Wib

Wib is an API security leader. We are the only company providing a solution for the entire API development lifecycle.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.

Cloudbrink

Cloudbrink

Cloudbrink is purpose-built to deliver the industry’s highest performance connectivity to remote and hybrid workers, anywhere in the world.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.

Slide

Slide

Slide is a modern, security-first Business Continuity & Disaster Recovery (BCDR) company built exclusively for Managed Service Providers.

SELFY Project

SELFY Project

The SELFY project has developed a toolbox made up of collaborative solutions with the objective to improve the resilience of the Cooperative Connected Automated Mobility sector.