Tax does not have to be tasking, says Moira!
As the UK self assessment tax return deadline for online completion draws near, and the US tax season begins, we at Websense Security Labs again see an increase in related spam.
The most recent attacks are mainly "form-based." Our Threatseeker network finds these coming in several varieties, but the main one is a request for the recipient to complete an attached HTML form or zipped file containing an HTML form. Given that it is tax season, this phishing attack often takes the form of welcome news: it purports to be an email notification from the tax office indicating a refund. As usual, spammers are keeping abreast with the important events of the season, and know that January is when the public usually submits returns and starts getting refunds. The form-based approach is a slight variation--the spammers don’t seem to be restricting themselves to the usual direct links to phishing sites to lure unsuspecting recipients to divulge personal details.
Websense customers are proactively protected against this attack via both email and Web channels by our Advanced Classification Engine - ACE.
What are form-based email attacks?
Form-based attacks are a type of phishing. Instead of using a link to take the recipient to a phishing site, they include a form that the user is asked to complete. When the user completes and submits the form, the details are sent to the attacker. The short video below shows an example of a form-based attack.
As shown below, several of the attacks are very convincing. We can see how a user might fall prey to such a scam. The first of the samples is aimed at users in the United Kingdom, and includes a picture of Moira Stuart, who plays the narrator in the HMRC television advert. The second sample is aimed at users in the United States users, as the content suggests (IRS).
Other form-based samples that we see in the wild include campaigns that target:
- LlloydsTSB Bank
- HSBC Bank
- Santander Bank
- Alliance & Leicester Bank