Revenue spam attacks IT contractors
HM Revenue and Customs has fallen victim to an illegal spam operation that is targeting small business owners and IT contractors, Contractor UK has learnt.
Arriving in inboxes with the subject line, 'Pay tax today with HM Revenue & Customs' the spoof e-mail requests users click an attached PDF file to use the taxman's online services.
A spokesman for HMRC said, "Anyone who receives a message sent from email@example.com should be aware that it does not come from HMRC and therefore should be treated with suspicion."
Security experts at Sophos have agreed to analyse the rogue message and its attachment in their laboratory, to determine whether it is fraudulent, a virus, or a part of a dual-stage phishing attack.
"HMRC's advice is right on the money," said Carole Theriault, senior security consultant. "All unsolicited e-mail should be treated with caution - particularly if the mail is requesting an action, such as click on a link or hand over some cash."
One IT contractor who reported the hoax said she was bombarded with not just one, but three separate messages all claiming her tax bill could be directly settled by clicking the attached link.
Despite the spoof featuring the HMRC logo and crest, she suspected the e-mail was a hoax, rather than a genuine communication such as enabling letter, because her secure online account with Revenue & Customs displayed 'no new messages.'
Responding to the reports, the Revenue said it would not contact taxpayers via generic Web mail accounts, though it may e-mail them as a notification to check their secure inbox (provided by the tax authority).
"I can confirm that we are aware that e-mail is in circulation which falsely claims to be from HM Revenue & Customs, and which may contain a virus," a Revenue spokesman said yesterday.
In response, Sophos explained the cyber attack had probably migrated from the US after taxpayers and the IRS were engulfed in a similar e-mail scam last month.
"The public need to brace themselves to see more of these types of email that try and fool you out of your hard-earned cash," the security firm said in a statement.
According to the company's recent poll of 600 of internet users, 60 per cent claimed to receive one phishing e-mail every day, while over the same period, 20 per cent said they can expect to receive at least five phishing e-mails.