Bad Phishing Scam Emails- Don’t be Victim


A new wave of fraud emails is circulating, but many are quite easy to find.

There is a new wave of phishing scams to try and give your credit card details or passwords to the unwary. Thankfully, while some are worryingly convincing, others are surprisingly poor.

The Mimecast cybersecurity company has found a rise in scams using the promise of tax refunds to encourage people to give up their personal information, including their name, address, telephone number and card details.

The growth in scams is likely to coincide with the deadline of 31 January to submit HMRC self-assessment tax returns. In the United Kingdom, around 12 million people are required this year to complete a self-evaluation tax return, so such schemes can seem like an enticing proposition.

“Many people see this process as an annual headache and this pressure can make them even more susceptible to these sorts of scams,” Mimecast said.

Fortunately, many of these scams have stylistic oddities and grammatical howlers, which should guard attentive readers. Spelling errors, titles for government agencies that do not sound right and other design issues will function like alarm bells. Another tip is that they obviously come from non-official email addresses. Nevertheless, other schemes are far more difficult to distinguish from the facts and to mimic the look and feel of tax authorities successfully.

Whether they are good or bad, “unfortunately, attacks like these do work and that’s why they continue to grow in popularity,” said Carl Wearn, Mimecast’s e-crime boss.

“Any unexpected communication from an organisation asking for these details is almost certainly going to be a criminal attempt to steal your credentials via a seemingly genuine website. For any site where you must use your login credentials, it’s imperative that you navigate these websites using your browser,” he said.


Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.