September 26, 2018 By Shane Schick 2 min read

It’s not unusual to see phishing cases on the rise during tax time, but cybercriminals are getting an early start by promising U.K. computer users a sizable refund in an attempt to steal personal data.

Recipients of the email scam, which appeared to come from Her Majesty’s Revenue and Customs (HMRC), the U.K. government department responsible for collecting taxes, were told to visit a gateway portal to receive a tax refund of around 542 pounds, according to Malwarebytes Labs.

Unlike other phishing cases, the timeline was particularly tight: The cybercriminals instructed potential victims to act within the same day they received the email.

How the Threat Actors Make the Scam Look Legitimate

Before reaching the phony gateway portal, the threat actors took victims to a replica Microsoft Outlook login page, which allowed them to harvest usernames and passwords. Once at the bogus HMRC site, victims were asked to fill out a comprehensive form that ended with fields to enter their credit card details. Much like legitimate government forms, researchers noted that the site validated what people entered to ensure they were inputting accurate information, including phone numbers and dates of birth.

Although tax refunds are of obvious interest to consumers, there are plenty of people who might be logged in to their personal email accounts at work, meaning phishing cases like these could potentially threaten an entire organization. The challenge is to understand what’s going on at the moment an attack occurs.

Why You Should Make It Easy to Report Phishing Cases

To ward off this type of attack, IBM experts recommend conducting regular internal phishing assessments and making use of open source intelligence. Companies should also make it easy for users to report phishing cases — and that doesn’t mean simply telling employees to contact IT. Instead, instructions should be as specific as possible within company policies.

Effective strategies include giving staff a hotline to call or chatbot to text and providing contact details for a specific employee who specializes in IT security issues. When the details are granular and there’s no fear of repercussions, employees are more likely to come forward when something happens and security teams can more quickly respond to threats.

Source: Malwarebytes Labs

More from

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

Hive0051 goes all in with a triple threat

13 min read - As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023 findings, detailing Hive0051's use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver new Gamma malware variants, facilitating more than a thousand infections in a single day. An examination of a sample of the lures associated with the ongoing activity reveals…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today