HMRC or phishers?
According to HMRC, a few people in the UK have overpaid their tax and are due for a refund. Far, far more people have underpaid – and can expect to be billed for something like £1500. So, if you get an email from the Revenue, the chances are that they want your money rather than you will get theirs.
In fact, of course, it’s a 100% certainty that if you get an email from the Revenue, and you respond to it, you will lose out. Because it ain’t from the Revenue – it’s from those bad people who like to steal from us. Sophos is already reporting that phishers are seeking to cash in with emails that claim to come from HMRC with the subject line “You Have An HMRC Refund”, informing the recipient that they have made overpayments.
If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server. You’re not going to receive a windfall because of this form – you’ve just been phished. The real HMRC website contains advice about scams like this, and clearly states that they would never inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax. You have been warned – don’t let your eagerness for a tax refund lead you to throw caution to the wind.
Graham Cluley, senior technology consultant at Sophos