{"id":1243,"date":"2016-03-03T18:31:41","date_gmt":"2016-03-03T16:31:41","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/fr\/in-the-name-of-her-majesty-british-phishing-emails-promise-tax-refunds"},"modified":"2024-05-07T19:36:46","modified_gmt":"2024-05-07T17:36:46","slug":"in-the-name-of-her-majesty-british-phishing-emails-promise-tax-refunds","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/fr\/in-the-name-of-her-majesty-british-phishing-emails-promise-tax-refunds\/","title":{"rendered":"In the Name of Her Majesty: British Phishing Emails Promise Tax Refunds"},"content":{"rendered":"

In recent days, many inboxes have been receiving emails that at first sight appear to carry joyous news. In the subject line they announce a tax refund, and the sender seems to be \u201cHer Majesty\u2019s Revenue and Customs<\/a>\u201d (HMRC) \u2013 the British tax authority. So every recipient with business ties to the United Kingdom is likely to take a closer look. <\/p>\n

Fake form bearing the royal coat of arms<\/h2>\n

In order to benefit from the refund, the user is requested to click on a link – as is typical with phishing emails. The link leads to a convincingly deceptive replica of the British authority website – including an online form. However, the royal emblem at the head of this web form should in no way mislead users to provide the personal details that are being requested (name, address, insurance number, credit card details).

\"Screenshot:<\/a>

Screenshot: Deceptively realistic HMRC web form<\/p><\/div> <\/p>\n

The real HMRC warns of fake emails<\/h2>\n

As the real authority communicates on their own website<\/a>, such personal details are as a rule not requested via email, neither are tax refunds announced in this way. The HMRC lists a whole raft of fraudulent activities and expressly warns that such emails in some cases even include correct sender email addresses belonging to the authority.

\"Screenshot:<\/a>

Screenshot: Screenshot: HMRC phishing mail<\/p><\/div> <\/p>\n

Correct address details are no proof of authenticity<\/h2>\n

Basically, neither a correct sender address nor the right address or telephone details of the recipient should be considered to indicate that such emails are authentic. In comparable waves of phishing<\/a>, attackers have been able to use correct addresses and personal details to mislead recipients. Also, such messages are increasingly accurate in their resemblance of the original messages, both in terms of their content and appearance. The language is correctly formulated and the messages contain authentic logos, fonts and colors. <\/p>\n

How users and administrators can protect themselves<\/h2>\n

In addition to dependable security solutions<\/a> with constantly up-to-date spam and virus protection, an increased level of user vigilance and alert plausibility monitoring is essential. Within a business environment, companies should therefore sensitize employees on how to deal with suspect emails. Irrespective of specific threats – the following basic tips should always be considered: <\/p>\n