Fake HMRC Notice of Underreported Income

Nothing is certain but death, taxes and

Several months ago I wrote an alert
about cybercriminals targeting US taxpayers
who were supposed to e-file
their previous year tax return. As the Self Assessment Tax Return and Pension Schemes
Filing deadline are knocking at the doors of the UK taxpayers, it looks like the
malware dissemination scheme simply crossed the ocean and start endangering the
unsuspecting subjects of Her Majesty.

The unsolicited message used as bait – which requires the users
to review their underreported income statement – is identical with the one
previously used to deceive IRS recipients, as you can see below:


The alleged customized link does not lead towards Her
Majesty Revenue & Customs’ Web site, but to Web page (registered on a
Tuvalu islands – .tv – domain), which
mimics a personalized download location, employing several visual
identification elements of the original site (registered on
domain), such as the logo, header or formatting elements.


The page also provides a link of a purported tax statement that the user
should download and execute. However, upon clicking the user does not receive
an e-form, but a cocktail of malicious payloads, employed earlier this week in another
malware campaign using Microsoft

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples, messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.

1 Comment

Click here to post a comment
  • FYI, I just got such a message today Oct 21st 2013, but with an executable file. Thanks to this article I knew it was a phishing attempt.