Victims of HMRC data scandal being targeted online

McAfee finds evidence of phishing attack


22 February 2008 12:32 GMT / By Katie Scott

It seems that fraudsters are now targeting victims of HMRC data scandal, when details of 25 million child benefit recipients were lost.

The records, which included confidential details such as bank and building society details, NI numbers, addresses and child records, were announced as missing by Chancellor Alistair Darling on 21 November.

And now, fraudsters are targeting the very people whose details went missing.

McAfee has now discovered a phishing attack that targets these victims by offering the recipient the opportunity to claim a tax refund of £215 from the Government.

The email contains a link to a suspect site.

"This phishing attack has echoes of traditional get rich quick scams, praying on the desire to be compensated for the Government losing their data, but people must learn that there really is no such thing as free money." 

"Recent high profile data loss incidents have left the public more vigilant about handing over information that has any link to HMRC, so this may not be the most thoroughly considered phishing attack", said Greg Day, McAfee security analyst.
 
McAfee explains that phishing scams use fraudulent emails and websites, to impersonate legitimate businesses, in hopes of getting you to disclose your personal information.

It says that legitimate businesses will never send an email asking a customer to update personal information.

Internet users are urged not to enter their personal information onto a pop-up screen, as phishers may direct their victims to the website of a real organisation, but then use an unauthorised pop-up screen.

McAfee also advises internet users to install pop-up blocking software to help prevent this type of phishing attack.

It adds: "When providing your personal information to a business website, check for signs that the site is secure. A padlock icon on the browsers status bar or a URL for a website that begins with 'https:' ('s' indicates 'secure')".

However, it adds to be aware that these signs are not 100% foolproof, since even security icons might be forged.

It also says that users should never cut and paste the link from a message into an internet browser.

It warns: "Phishers can make links seem as if they’re going to a legit place when they’re not. Open a new internet browser and type in the company’s correct Web address manually".
Full tags
Software, Online, McAfee

share print story pdf email story

Recommended articles

Recommended articles from around the web
Loading

Best iPad 2 apps

We detail the best iPad 2 and iPad apps in the app store Which iPad app should you download?

Best new iPad apps

We detail the best iPad apps in the app store for your new Retina Display Which iPad app should you download?

Windows 8

First Look: Windows 8 Consumer Preview reviewed

The new iPad

The new iPad: Everything you need to know

Pocket-lint poll

Q. Does the Samsung Galaxy S III deliver what you hoped for?

Vote YES Vote NO

» LAST TIME
When asked Would you switch from iOS to Android? 54% said yes and 46% said no