I received some very nasty spam allegedly from HMRC titled “Reminder: Please Resubmit Your Refund Payment” today, as you can see below:
Rather than open the attachment, I saved it to my PC and had a read through the source code, as it’s a web page. The HTML revealed nothing much and references various online.hmrc.gov.uk URLs, until you get further down and spot that if you actually submit the form, it will be sent to this address: https://www.radio-rocket.eu/licznik/ndex.php
The page then goes on to grab various image files (security-related mostly, e.g. credit card logos) from sites including abbyparty.com, rbsworldpay.com and argos.co.uk. I’m sure they’ll all be delighted to know their bandwidth is being used to power phishing spam…
Don’t get caught out by this phishing scam – I’m sure most of you wouldn’t, but just in case you’re tempted by a refund from the taxman, resist!