Web security company inadvertently aids HMRC phishing attack

Status
Not open for further replies.

admin

Administrator
Staff member
Administrator
Web security company M86 Security Labs, which is now part of TrustWave SpiderLabs, is inadvertently helping fraudsters to carry out phishing attacks against HM Revenue & Customs.

m86-hmrc-email1.png

The text within this HMRC phishing email is actually represented by a PNG image, which is loaded directly from the M86 Security Labs website.


The spoof emails involved in the ongoing attack look practically the same as many previous HMRC phishing emails — and that's because the content within the email body is being served directly from the M86 Security Labs website. The emails simply display a PNG screenshot of an email that was featured in a 2010 blog post by M86 Security Labs, which warned potential victims about an HMRC phishing attack.

Ironically, the screenshot featured in that blog post is now being used as a key component of the current attacks against taxpayers.

email-html.png

The HTML source of the email body, which displays the 24kb image from the M86 blog post.

m86-blog.png

The image as it was intended to be shown on the M86 Security Labs blog.


Clicking anywhere on the image in the phishing email takes the victim to an HMRC phishing site hosted in Turkey. This initially prompts the victim to enter their email address, full name and date of birth, before a subsequent page asks for even more information, including the victim's postal address and card details.

hmrc-phishingsite.png


Fake HMRC tax refunds remain a popular ruse. Netcraft blocked 1,150 HMRC phishing sites last month alone, and notably discovered one hosted under the trusted gov.uk domain in 2009.

Continue reading...
 
Status
Not open for further replies.
Back
Top