Tax refund email is too good to be true

Graham Cluley
Graham Cluley
@[email protected]

The holiday season can be taxing for many of us.

Your house is full of unwanted relatives, kids are crying that they wanted a cuddly Adipose toy not a voice-changing Cyberman’s mask, and – of course – a mysterious absence of batteries as soon as the presents have been unwrapped.

If you decide to escape from it by over-indulging in eggnog, be careful that you don’t let your defences drop when it comes to securing your computer and bank accounts.

Take this spam email which I just saw, for instance. It’s targeted at British tax payers, but we’ve seen similar phishing scams pretending to come from, say, the American IRS in the past.

Sign up to our free newsletter.
Security news, advice, and tips.

British tax phish

Sounds too good to be true, doesn’t it? And of course it is.

Everyone would love to get an unexpected windfall, especially if you have spent a little too much money on the festivities. But clicking on that link will actually take you to a bogus website attempting to steal your credentials. Forget Santa and his reindeer helping themselves to a mince pie and carrots as they do their rounds, identity thieves will soon be emptying your bank account.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.