HMRC refund seekers target of plishing attack

By Janine de Blois

Friday McAffee discovered a plishing attack email which offers recipients a refund of £215 from HMRC. A link in the email led to a suspicious site which has since been taken down. The website was a legitimate one based in Germany, itself the victim of hackers. “It appears it was a benign web page which had been hacked into - that’s a little bit rare,” said Toralv Dirro, security expert in McAfee’s Avert Labs.

The idea is thought to have come from the massive HMRC data breach in November last year, when two discs went missing in the post. The discs contained records of 25 million child benefit recipients including bank details, insurance numbers and addresses. Likely the same information the plishing sceme was after. “I don’t think they have the data, as they wouldn’t have to do phishing then,” says Dirro, “but because so many records have been lost, it’s likely they’re taking advantage.” Plishing scams are an attempt to get people to disclose personal information. Since professional internet criminals usually have their own servers, he says, “Maybe in this case, it wasn’t real professionals, but a possible first-time attempt.”