A new SMS phishing (sometimes called “smishing”) campaign has been targeting UK residents. The HM Revenue and Customs (HMRC) tax rebate scams have been tricking many people into giving away personal information to attackers such as names, addresses, passport numbers, etc. The attack begins with an SMS message that either tells the user that they have a tax rebate they are eligible for, or that they own tax money. Once the user clicks the link included in the message, they are taken to a webpage targets online banking customers based on a sort code. By using the sort code, the attackers can identify which bank the victim uses. From there, a phishing page for that page is displayed where the user would enter their username, password, memorable words, 2-Factor Authentication, etc. This campaign uses an extensive workflow, making the user go through many pages and supply a lot of information. The phishing web pages that are used are designed to mirror that of the legitimate ones. Many different sites have been used, with new ones being added daily as old ones start to become marked as spam.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in