Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread
Standard User OCdragon
(experienced) Wed 05-Feb-14 09:26:45
Print Post

I have just received this e-mail, possible SCAM???


[link to this post]
 
I have just received this e-mail, apparently sent from HMRC UK, but I am feeling very suspecious about it!!! It has an attached ****.ZIP file in it as well. Does any one received the SAME e-mail???

Title: HMRC Employer Alerts & Registrations <employers@alerts.hmrc.gov.uk>

Contents:

Thank you for your registration details which have been recorded for email alerts purposes only.

We expect to send you three email alerts a year - February, May and December. These will give you the links to the latest Employer Bulletin and HMRC PAYE Tools (previously the Employer CD-ROM).HMRC may also issue other messages throughout the year.

Please complete all relevant sections of the attached application form and attach the appropriate documents to confirm your identity.

Intel E4300 OC with 2GB RAMs,Speedtouch 585 Modem/Router and Windows XP Pro
Moved to Plusnet unlimited fibre from O2 ADSL2+ since this May!!!
Standard User cheshire_man
(knowledge is power) Wed 05-Feb-14 09:46:22
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: OCdragon] [link to this post]
 
My instinct is to be very suspicious...

The email address you gave, is that the visible one? Is it the same as when you hover the mouse over it?

While this page doesn't contain your specific concern, it may be helpful.

Tony
We have more and more laws, and less and less enforcement
Standard User billford
(elder) Wed 05-Feb-14 10:18:22
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: OCdragon] [link to this post]
 
Scam- Section 2.1

Bill
A level playing field is level in both directions.

__________Fold at Home_________________Planes and Boats and ... ______________BQMs: IPv4 IPv6


Register (or login) on our website and you will not see this ad.

Standard User ian72
(knowledge is power) Wed 05-Feb-14 10:24:06
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: billford] [link to this post]
 
Interesting, had the same email at work this morning. But, we do use the Employer CD it mentions and I work in IT so assumed it may just have been that someone had sent them the wrong contact details. However, protected for 2 reasons - firstly, zip files are blocked by our scanner so the attachment was removed and secondly I suspect it was spam/incorrectly sent so just deleted it anyway.

Seems our security and my natural levels of suspicion served me well.
Standard User shinerweb
(learned) Wed 05-Feb-14 11:02:36
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: OCdragon] [link to this post]
 
100% Scam...

If you looked at the headers of any such emails, you'll find it was sent from an address other than the HMRC (they used 'fake From:')

Most good AntiVirus programs should be able to detect "faked" email header information and raise a warning. But, with the increase in people using web browsers to view emails these days, the payload often stays on the server until the viewer actually downloads it.
And even after downloading it, the current malware being used in the HMRC scams is updated multiple times per day and pretty much all the AV solutions out there are useless (even if they do update their virus definitions multiple times per day).
One such virus last year went through over 5000 variations. (That's over 13 variances of the same virus in a single day. There is no anti-virus that can protect you against that in real time these days... Only learned behaviour from us as users will protect us).

It's part of a known phishing/malware attack and the payloads (the zip files) usually contain various variants of malware.

Organisations should never ever ever send you attachments. They should direct you to go to their website, log in and download.

The only time you should ever ever ever ever trust getting an attachment these days is if you have specifically been speaking with someone (you know or know of) and they say "I am going to email you an attachment, it will come from this address and I'll send it to that address" etc.

Any email that comes out of the blue with an attachment is decidedly dodgy...

If ever in doubt, before opening any files, use a site such as http:virustotal.com and upload the suspect file to that site.
This site will scan the file using multiple AV/AS vendors and give you a better confidence than a scan from a single program...
If it is a new virus, you will also help have it analysed quicker..

Standard User gomezz
(eat-sleep-adslguide) Wed 05-Feb-14 11:07:27
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: shinerweb] [link to this post]
 
Been getting a lot of these recently. Just Junk or mark as mark as Phishes and move on.

BT Infinity 1 (unlimited)
Standard User jtevans
(member) Wed 05-Feb-14 11:46:01
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: OCdragon] [link to this post]
 
It's a scam. I have had two today to different incorrect addresses which have got on the Russian Mafia Scammers list. The latest was sent from the machine

p50990cf3.dip0.t-ipconnect.de (HELO p50990cf3.dip0.t-ipconnect.de) (80.153.12.243)

Nothing to do with HMRC

I used to sent these to spamcop, but they couldn't scan my genuine headers properly so they blocked my account.

Update - two more received from

mail.pierre-fabre.pl (HELO mail.pierre-fabre.pl) (212.160.156.90)
pd95bca9a.dip0.t-ipconnect.de (HELO pd95bca9a.dip0.t-ipconnect.de) (217.91.202.154)

Jim Evans
Cheshire

Edited by jtevans (Wed 05-Feb-14 13:30:30)

Standard User OCdragon
(experienced) Wed 05-Feb-14 14:36:05
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: cheshire_man] [link to this post]
 
I have just forwarded it to "phishing@hmrc.gsi.gov.uk" for their further investigation! I have deleted this highly suspicious e-mail as we speak! Thanks for the info.

Intel E4300 OC with 2GB RAMs,Speedtouch 585 Modem/Router and Windows XP Pro
Moved to Plusnet unlimited fibre from O2 ADSL2+ since this May!!!
Standard User OCdragon
(experienced) Wed 05-Feb-14 14:43:06
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: shinerweb] [link to this post]
 
Thank you for your info. I have deleted this e-mail received as I never asked for it nor registered for it!!!!! However I did received e-mail/s with attachments in the past via my travel agents, but I was told that I would expect that.

Intel E4300 OC with 2GB RAMs,Speedtouch 585 Modem/Router and Windows XP Pro
Moved to Plusnet unlimited fibre from O2 ADSL2+ since this May!!!
Standard User caffn8me
(knowledge is power) Wed 05-Feb-14 14:43:38
Print Post

Re: I have just received this e-mail, possible SCAM???


[re: OCdragon] [link to this post]
 
I'm missing out on HMRC emails but today there have been several allegedly from Barclays and others from payroll@adp.com with a "payroll invoice" zip file attached.

My mail server rejects most but a few get through, although the zip files don't.

Needless to say, examination of the headers shows that none originate from the source claimed.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Pages in this thread: 1 | 2 | 3 | (show all)   Print Thread

Jump to