By Jeff Horne, Director, Threat Research
As tax season rolls around again in the US and UK, it seems like a good time to revisit the perils taxpayers face seemingly every year at around this time.
Phishing attacks against taxpayers are already in full swing — not that they haven’t been going continuously since last year. But this is high season for scams involving Web pages that look like the IRS or HMRC’s own Web site.
Scam messages typically contain dire warnings or outrageously large promises for a refund. The messages often are presented as if they originate from a tax authority, but contain links leading to phishing Web pages, or malicious attached files.
These scam pages typically appear to look exactly like a page on the real IRS or HMRC Web site. If you receive such a message, don’t reply to the sender, don’t email any sensitive information, and don’t follow any link in the message.
The pages promise to automatically transfer a tax refund to the recipient’s bank account, if you only would provide the scam artist with your complete banking, credit card, and personal details.