Beware of this convincing HMRC email malware scam

ByCraig Haley

Today we received a convincing email malware scam posing at the HMRC (the UK’s tax entity) that attempted to lure us into opening a malicious email attachment.

The email started with the logo belonging to the HMRC, and then went on to explain that the email’s contents and attachments had been “scanned for viruses by the Government Secure Intranet virus scanning service”.

Of course, this is essentially just a scammer telling you that the contents of their email scam are safe, which of course cannot be trusted. The full text of the email can be seen below –

The secure communication with reference number ID201NLD0012192016 sent by HM Revenue & Customs (HMRC) .
The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free.
Note: This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message.
HM Revenue & Customs
Encrypted File
Sent to: *****@c************.co.uk
Date: December 19, 2016
Type: Protected Document
File Format: Microsoft Word
Encryption Type: RSA 2048

The email may – upon a cursory glance – appear convincing. And because those in the UK those who complete self-assessment tax online have a deadline date in January, many may not be surprised to see an email waiting for them from the HMRC.

However beyond the design and unusually sound grammar, warning signs are still lurking. In the example above, common red flags are still present; one being the email does not address us by name, only by our email. Companies like the HMRC will always address you by your name in the emails that they send you, so consider this a tell-tale sign of a scam.


Sponsored Content. Continued below...




Secondly and crucially, you’re lured into opening an email attachment. Again this isn’t something that the HMRC are ever going to ask you to do.

The same advice applies to all these email scams. Never open the attachment, and if you suspect something may be up with your account – be it an HMRC account, social/banking account or PayPal etc. – go straight to the website instead, and login. Don’t click on links inside an email and certainly don’t open up any attachments. Email scammers rely on their victims opening up an email attachment after being enticed to do so, so be aware!

In this case the email comes attached to an infected Word document. Upon opening the Word document you are asked to “enable content”; this means enabling macros, which are then able to download and execute a malicious file onto your computer, infecting it with malware. Such malicious email attachments are the primary way in which ransomware is distributed.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)