Luring people in with the promise of hefty tax refunds and “stimulus payments”, phishers have been targeting users with e-mails purportedly coming from HM Revenue & Customs (UK) and the IRS (USA).
In this time of economic trouble, it is even more likely that desperate users will fall for the scam.
Each of those e-mails has a zipped attachment that supposedly contains an .html file with the form the user needs to fill out and send. Of course, clicking on the send button doesn’t get the information to the appropriate service but to the phishers who will then use it for their own criminal purposes.
It is interesting to note that recently there has been an uptick in form-based e-mail attacks. Apart form the tax-refund-related phishing messages, e-mails seemingly coming from various UK banks and PayPal also containing HTML forms have been spotted by Websense.
Hopefully, this trend means that users have learned not to click on link in unsolicited e-mails. Now, they also have to learn not to opened attachments – even if they are or seem harmless.