Today I received an interesting email.  It was a phishing email purporting to be from the Irish Revenue Service.  It bore the good news that I was due a tax refund, €278 in fact. In these days of economic strife €278 could come in quite handy.  However, closer examination of the email reveals that it is an elaborate scam aimed at gleaning the credit card details of unsuspecting victims.

As you can see from the screenshot of the email below, the email imitates a revenue email quite well. It has the appropriate colour schemes and there are no spelling or grammatical mistakes. However, like most phishing emails it does not address me personally but rather has a generic greeting.

When I examined the link behind “Irish Tax and Custom Refund” in the email, I found that it leads to a website called revenue-ie.com.  Further analysis of this website shows that it is registered and located in China.  The headers of the email point back to an IP address in the United States.
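The link check described above can be automated. This is an added example, not part of the original post: it extracts every link from an HTML email body and flags hosts that imitate a trusted domain by swapping separators. It assumes revenue.ie is the legitimate Revenue domain; the sample body, class and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: revenue.ie is the only domain accepted for Revenue links.
TRUSTED = {"revenue.ie"}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def squash(host):  # 'revenue-ie.com' -> 'revenueiecom', 'revenue.ie' -> 'revenueie'
    return host.replace("-", "").replace(".", "")

def classify(href):
    """Return 'trusted', 'lookalike', 'unknown' or 'no-host' for a link target."""
    try:
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
        host = ""
    if not host:
        return "no-host"
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    if any(squash(good) in squash(host) for good in TRUSTED):
        return "lookalike"  # trusted name embedded in a different domain
    return "unknown"

def audit(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    return [(text, href, classify(href)) for href, text in parser.links]

# Constructed sample body; only the link text and domain come from the post.
SAMPLE = ('<a href="http://revenue-ie.com/">Irish Tax and Custom Refund</a> '
          '<a href="https://www.revenue.ie/">Revenue</a>')
```

Calling `audit(SAMPLE)` labels the first link `lookalike` and the second `trusted`; a mail filter could quarantine or tag any message containing a `lookalike` link.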

The fake website also looks quite convincing, and it is clear from the page that it is looking for people to enter their credit card details.  Interestingly, the requested details also include the credit card security number and the password the victim may be using for the Verified by Visa or MasterCard SecureCode schemes. Other requested information that could also be used by the criminals for fraud includes mother’s maiden name, date of birth and the victim’s phone number.

Of course, entering your credit/debit card details simply means that those details will be in the hands of the criminals for them to plunder your account.  The fact that most Irish credit/debit cards now use chip and PIN will prevent the criminals from cloning those details onto blank credit cards.  However, they can still use your details to purchase high value items from online stores and then resell them to generate money.  This probably explains why they request on the website that you wait for up to two weeks for your claim to be processed.

I reported the site last night to IRISSCERT and it now looks like it is offline.  This does not mean, however, that it may not appear again, so remember:

  • Be suspicious of any unsolicited emails that contain links or attachments.  Do not click on those links or attachments without verifying the authenticity of the email first.
  • Do not click on links in emails. Always open a website from within a browser by typing the website address into the browser.
  • Most banks, credit card companies, government departments will not send you emails requesting your financial details.
  • Keep your anti-virus software up to date
  • Keep your anti-spam service up to date. If you do not have an anti-spam solution contact your ISP or email provider as most of them offer this as a service.
  • You can always check to see if a website is a phishing website by going to PhishTank and checking whether the URL has been reported there.
  • You can check if a website contains any malicious content by using a service such as URLVoid or VirusTotal to check the website.

So it looks like we will have to rely on means other than a refund from Revenue to fund our summer fun.

About the Author: admin
