A friend sent me this link, which is an interesting spin on the old “HMRC tax refund” scam – a fake HMRC claiming your bank wants to issue a refund instead.
Click to Enlarge
As you can see below, they have a large selection of banks to choose from (in keeping with more common phish attacks):
Click to Enlarge
Everybody from NatWest and HSBC to Santander and Halifax are in there. Most of the bank specific pages all ask for the same kind of personal information, but if one of the banks asks for something unique to them (such as a banking PIN or other security feature) the phishers have taken care to include those too. If your bank isn’t included, no problem: they have a generic “catch-all” page for you to sign up to years of identity theft and a couple of days worth of “Who bought all this stuff on iTunes”?
Here’s a sample of the information asked for on the Barclays page:
Click to Enlarge
Deep breath: name, address, phone number, email (and email password!), national insurance number, information related to your parents, how long you’ve lived at your address, employment status / income, your full card details (of course) and everything related to your online banking account.
I think “Ouch” is the word we’re looking for.
HMRC do not issue tax refunds by email, they most certainly do not have websites where banks want to issue you with refunds, and they also know how to spell “being” (take another look at that second screenshot).
Avoid like the plague.
Christopher Boyd