Sunday 14 March 2010

Phish Rots from the Head

Whilst checking my Spam Filter I came across a really interesting offering from Somewhere East of Eastbourne. In 2009 I overpaid my taxes and got a refund — My sincere thanks to Mrs Shah and colleagues in Bradford Tax Office for increasing my cheer.

However last week this Phishing email arrived, horrifically, with the correct figure for the amount I was due.

Think about it. This means some Evil Spammer has got into the UK Tax System and dredged out some detailed personal figures to add verisimilitude to their Rotten Wet Phish.

PS Competition for insomniacs: There are at least five reasons, evident to my amateur Inspector Clouseau eye, why this message cannot be genuine, apart from the skill of my Apple Mail Spam Filter in weeding it out. Can you guess what they are?

9 comments:

David said...

I would think that the email address (the domain is not the hmrc), the spelling mistake for 'lengthen' in the third paragraph, the weird timing (is it 15-30 days or a week or 48 hours) are all pretty good clues.

It is always worth hovering over the link as well. If you do so, you'll discover the url it is sending you to and I'll bet my mortgage that is some weird web address, probably based overseas.

As you say, scary though. I just had a thing through from the NHS about Summary Care records. It may sound miserly but I'm opting out - I don't trust them as far as I can throw them with any personal data in a massive database. Having been a project manager for such things, I know how feature creep, politics and half-*rsed specification processes can derail and probably will derail any government IT project.

Steve Hayes said...

I don't know what your five things are, but for me the main one is to hover my cursor over the "click here" and see what address it points to. In phishing attempts it doesn't look anything like what it claims to be.

I usually forward those to the fraud department of the bank, if it's a bank I've heard of (they often aren't).

maggi said...

apart from the fact that the tax office rarely volunteers a refund, they wouldn't send it by email...

also their email addr is incorrect, "eligible" is the wrong word, and if you are really due a refund they just send you a cheque. Rare, but true.

madhat said...

Well, the various spelling mistakes seem a little suspicious. As does the inconsistent information with regard to how long the process will take.

Anonymous said...

You have reported this in full with headers to Her Maj's inspectors? phishing@hmrc dot gov dot uk, iirc.

(VG)

Bishop Alan Wilson said...

Many thanks to all for sleuthing skills, especially David for spotting the spelling mistake which I had missed. I'm sure your and Steve's idea of hovering over the link would always help, though sometimes they make up convincing sounding addresses; as people have spotted the lack of a "gov.uk" is certainly a telling sign. Maggi's right, this just isn't the way these things are dealt with. I think the way things are expressed is delightfully improbable — the phrase about "fiscal activity" seems non-English, and leads me to speculate this may well originate back in the USSR (as the Beatles used to say) rather than Nigeria. If it were Nigerian it would probably come with blessings in the name of our powerful Lord... I have reported it, and hope whoever leaked the info gets caught and made to stand in the corner without any milk at break.

Erika Baker said...

Don't ever trust emails that have monetary values in the subject line.
No-one can guarantee that you will personally pick up this email and potentially advertising your personal financial details to the world is illegal.

byron smith said...

Some missing full stops is another clue.

Bishop Alan Wilson said...

Erika, many thanks for extra info which I didn't know; I also hadn't noticed the non-standard punctuation.
