Business Crime: UK phishing attempt targets tax data

The UK government is something of a leaky ship when it comes to protecting personal data. But this time, if data is lost, it won't be the government's fault.

A spam headed "Notice of Underreported Income" sounds very official.

And it's timely: users of Yahoo.co.uk have, for weeks, been subjected to a huge banner ad telling users that they are running out of time to declare offshore holdings. And HM Revenue and Customs issues frequent media releases hoping that reminders will be published, informing holders of offshore accounts that, if income is declared before an imminent deadline, there may be a discount on penalties.

And so, with a fake reply address of "no-reply@hmrc.gov.uk" (but also a spoofed address at rmwlaw.com, who must, by now, be very fed up with getting bounces) the message below has some credibility:

Taxpayer ID: vasily.kaczmarek-00000353827863UKTax Type: INCOME TAXIssue: Unreported/Underreported Income (Fraud Application)Please review your tax statement on HM Revenue and Customs (HMRC) website (click on the link below):review tax statement for taxpayer id: vasily.kaczmarek-00000353827863UKHM Revenue and Customs

At least it may have had if

a) it had not been addressed to vasily.kaczmarek@coady.me.uk but arrived with one of our teamb) the message not originated from the mail service in Japan.

Also, the mail contains a link that goes to a server with a UK domain name: esssyze.co.uk

Although the domain exists, it is registered to an obviously fake name and address by GX Networks Ltd t/a 123-Reg.co.uk and hosted at greendoglong.com - a webhost that URIBL says has been identified as host for the sender of 16 spams in the past seven days.