Alerts E-Threats

Wave of phishing and malware marks UK tax season

We know it’s UK tax season when spammers start sending Brits false tax refund forms by e-mail to steal identities and money-related information. Bitdefender Anti-Spam Lab points to a total of 10,000 tax-related e-mails sent in a single day in the first week of March.

E-mails scams promise users hundreds of pounds, then silently steal sensitive authentication data either through phishing forms or by deploying infected code such as Zbot (identified by Bitdefender as Trojan.GenericKD.1601044) onto people’s systems.

This type of tax refund phishing scam – pretending to be from the very HM Revenue & Customs – has been reinvented for years now and has regularly resurfaced in successful campaigns to target US, UK and Australian citizens alike.

These illegal e-mails have an official appearance with subject tag lines such as RECALCULATION OF YOUR TAX REFUND, HMRC: TAX REFUND, HMRC: Please submit the tax refund form! TAX REFUND NOTIFICATION or Private & Confidential HMRC: Annual Tax Refund.

The messages contain either links that open fraudulent websites or fake registration forms sent as attachments to collect sensitive data about taxpayers that will eventually help fraudsters impersonate the innocent in deceitful operations.

Once someone gives away information such as full name, date of birth, address, phone number, card number and expiry date and security code, there is no stopping the crook from steering victims’ money toward their accounts.

Some e-mails are delivered with a phishing form while others come with a malicious attachment that, once opened, will steal credentials from FTP accounts (used to harbor malware), Bitcoin wallets or info on e-mail clients and browsers. Some contact other compromised systems in a Peer to Peer connection to download the Zbot banking Trojan.

The official HMRC site clearly states that they “NEVER send notification of a tax rebate by email, or ask you to disclose personal or payment information by email.” For more samples of tax rebate-related bogus e-mails and the most common lures, click here.

This article is based on spam samples provided courtesy of Ionut-Daniel RAILEANU, Bitdefender Anti-Spam Researcher and the technical information provided by Doina Cosovan, Bitdefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.