UK Tax Office Sends an Invitation to Phishers

2011-09-30 12:45:00 UTC, by Quentin Jenkins

Phishing, broadly speaking, is sending out emails which trick people into supplying confidential information to miscreants. One such ruse in the UK has been to send out tax rebate emails purporting to come from the UK tax office, HMRC.

So on Friday, in a stroke of genius, HMRC sent out the following:


To our mind the key error here is supplying links in the email which can be altered behind the scenes to drop the unsuspecting onto malicious websites. While this email doesn't do that, it's setting up the expectation that HMRC will send out emails with inline links which people are expected to click on. If the link has been changed behind the scenes, where will you end up? Certainly not HMRC servers. More likely you'll end up on a site hosted in Russia or the Ukraine that pretends to be the UK's HMRC.

If you're security minded, you can look at the raw email, at which point another "error" comes to the fore. The email doesn't actually come from HMRC's servers; it comes from:

Received: from BCEXCH.capitalcommunicationsgroup.net
 (unknown [213.208.84.131])
 by [cut] (Postfix) with ESMTP id [cut]
 for < [cut]>; Fri, 30 Sep 2011 12:14:54 +0100 (BST)
Received: from CCGMSCTD ([192.168.1.20])
 by BCEXCH.capitalcommunicationsgroup.net with Microsoft SMTPSVC(6.0.3790.4675);

Who are capitalcommunicationsgroup.net? One has to assume they're the ESP ("Email Service Provider") appointed by HMRC to deliver their bulk email. Should one have to make these assumptions when we're talking about something as sensitive as tax?
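The header check described above can be automated; the following is an added example, not part of the original article or any Spamhaus tooling. It assumes the message's From address was at hmrc.gov.uk (the article does not show that header), and the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Received lines quoted above ("[cut]" kept as-is) plus
# an ASSUMED From address; the article does not show the From header.
RAW = """\
Received: from BCEXCH.capitalcommunicationsgroup.net
 (unknown [213.208.84.131])
 by [cut] (Postfix) with ESMTP id [cut]
 for < [cut]>; Fri, 30 Sep 2011 12:14:54 +0100 (BST)
Received: from CCGMSCTD ([192.168.1.20]) by BCEXCH.capitalcommunicationsgroup.net with Microsoft SMTPSVC(6.0.3790.4675);
From: HMRC <noreply@hmrc.gov.uk>
"""

# "from <name the sender claimed> (<reverse DNS or 'unknown'> [<observed IP>])"
HOP = re.compile(r"from\s+(\S+)\s+\([^()\[\]]*\[([0-9A-Fa-f.:]+)\]\)")

def is_public(ip):
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:  # not a valid address literal
        return False

def external_handoff(msg):
    # Headers are stored newest first; only the hops stamped by your own
    # mail servers are trustworthy, anything below them can be forged.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and is_public(m.group(2)):
            return m.group(1).lower(), m.group(2)
    return None, None

def under_domain(host, domain):
    # True only for the domain itself or a genuine subdomain of it.
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))

def check(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    host, ip = external_handoff(msg)
    # The hop name is self-declared, so a match proves nothing; a mismatch
    # means the recipient has to take the relay's authority on trust.
    aligned = host is not None and under_domain(host, from_domain)
    return {"from_domain": from_domain, "handoff_host": host,
            "handoff_ip": ip, "aligned": aligned}
```

Calling `check(RAW)` reports the public relay that handed the message over and whether its name sits under the From domain. The internal 192.168.1.20 hop is skipped because it is a private address.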

And then in the final line, HMRC have set up the expectation that a similar email will be sent out in February 2012.

Surely to any self-respecting phisher, this is a godsend? A couple of simple changes and you've got a very credible phishing email.

While we do appreciate the difficulties faced by organisations when wishing to communicate with their customer base via email, we'd put this one forward as a textbook case of how not to do it.



Article Information

Permanent link to this news article:
UK Tax Office Sends an Invitation to Phishers
https://www.spamhaus.org/news/article/671/uk-tax-office-sends-an-invitation-to-phishers

Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.