MX Lab, http://www.mxlab.eu, started to intercept a new phishing campaign with the subject “HM Revenue & Customs – Important Refund Notification!”.
The email is send from the spoofed address “HM Revenue & Customs <firstname.lastname@example.org>” and has the following body regarding a refund:
HM Revenue & Customs (HMRC)
TAX REFUND NOTIFICATION
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of 379.83 GBP
Please submit the tax refund request and allow us 6-9 days in order to process it.
To access your tax refund, please follow the steps bellow:
– download the Tax Refund Form attached to this email
– open it in a browser (recommended internet explorer)
– follow the instructions on your screen
NOTE: Fill in all required fields, otherwise the refund process will be canceled.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
Revenue and Tax Administrator
HM Revenue & Customs
Tax Credit Office
PO Box 1970
TAX REFUND ID: UK8561811-HMRC
© Crown Copyright, HM Revenue & Customs
Attached is the HTML page named HM Revenue&Customs – Refund Form.html. When opening HM Revenue&Customs – Refund Form.html you will get an HTML web form with the lay out of the HM Revenue & Customs.
Data of the form, items such as name, birthday, VISA card number, security code and expiration date, is all submitted towards hxxp://rosuik.ru/images/template/files/html/ and a redirect towards http://search2.hmrc.gov.uk/kb5/hmrc/contactus/home.page is executed afterwards.
MX Lab advices not to follow the instructions as specified in this email because they are attempts to steal valuable data from a person that can and will be abused. Banks and other institutions will never ask you to open an local HTML page and fill in such details.