HM Revenue and Custom Scam
One of life’s worst tasks is paying taxes and giving up your hard-earned money. But it’s something we all have to do like it or not. So when we get the news that we’re due to get some money back, it seems like a red letter day.
However, there are criminals eager to take advantage of that jubilation, and you might find that your eagerness to claim a supposed refund could lead to a case of identity theft, plus bring you a lot of spam.
How It WorksQuite unexpectedly, you might receive an e-mail with the following header:
|From: HM Revenue & Customs [mailto:firstname.lastname@example.org] |
Sent: 01 February 2007 11:24
To: Xxxxxxx, Xxxx
Subject: HM Revenue & Customs - Notification.
Of course, you’re going to open it, because it looks official. It becomes particularly interesting when you read it and the letter tells you that you’re due a refund of tax that you’ve paid. All you have to do is click on the link which will bring you to a form where you fill out your details to claim the money. Naturally, you’re eager to do that without thinking further and give out all the personal information they request.
The problem is that there’s no refund, and the whole mail is fake. It’s phishing, where the link directs you to a counterfeit web site where your personal information is harvested by criminals, but with a slightly different twist, and aimed specifically at people in Britain. But there’s also another little sting in the tail. The HM Customs & Revenue graphic that’s part of the mail contains code that can indicate to the sender that you’ve opened the mail and leaves you prone to receive a lot more spam – just to add insult to injury.
Once you’ve filled in the form, you’ve given the scammers all they need to steal your identity – and you’ll be waiting around in vain for any money.
How to Avoid ItIt’s very easy to say that you simply shouldn’t open the mail, but for many people a sense that it might be official means they feel compelled to read it, and, of course, that’s exactly what the crooks trade upon.
But think for a minute. How often have you had official government communications by e-mail? The answer is never. You’d receive a letter like this in the post, addressed to you, and you only (if you look at the header, you’ll see that it’s sent to many people – it’s spam).
The problem with this mail is that, even if you don’t fall for the scam and fill out the form, you’ve still laid yourself open to spam merely by opening the mail. However, a good spam filter will help you cut down on that. It’s not a perfect solution, but better than nothing.
It goes without saying that you should never give out personal information without knowing that it’s going exactly where you want, on a secure site. That means not following links in e-mails.
Approach any mail that requires you to click on a link or give up sensitive information with great caution. Probably the best solution is to check with the institution or agency involved – and that means by either calling them, or e-mailing an enquiry using an address obtained from their site (typing in the URL, rather than following a link).