Pages

Wednesday 18 March 2015

Phish or no phish?

So today, I phoned HMRC; their helpline is 0300 200 3600. I spoke to Emma.

I explained what I'd received; her opinion was that it was a phish. When I said "govdelivery.com", there was no spark of recognition. She suggested that I should forward it to phishing@hmrc.gsi.gov.uk. so I did that, with the following email.

This email did *not* come from gov.uk; I looked at the header and it came from govdelivery.com.

The link to dowenload the software does *not* go to gov.uk (even though it claims to), that also goes to govdelivery.com

I can forward the full thing, including headers, if you want.

I checked here:

https://www.gov.uk/government/publications/genuine-hmrc-contact-and-recognising-phishing-emails/genuine-hmrc-contact-and-recognising-phishing-emails

It is not on the list of "Current list of digital and other contact issued from HMRC"

Looking at "How to tell if an email is fraudulent"

2.1 Incorret email address. Although it says it was from @hmrc.gov.uk, looking at the header shows that it was actually from govdelivery.com

2.2 Personal information. It doesn't ask for personal informaion, it does something far worse, it's asking me to install software on the computer we use for financial stuff.

2.3 Urgent action required. It says "Download now and be ready"

2.4 Bogus web sites. The link claims to go to gov.uk, it actually goes to govdelivery.com. I didn't visit the web site (for obvious reasons) but I checked the domain name with "whois" and it's registered by a company in America.

2.5 Common greeting. It starts "Hello Employer"

2.6 Attachments. There's no attachment; instead, it's asking me to download, install and run their software. Which is worse.


So I phoned 0300 200 3600. I spoke to a lady there who gave her name as "Emma", and she told me that it was a phish, and I should forward the email you you, which I'm doing now.

So here's my question.

Is this a phish? Or is it a genuine email from HMRC, written in such a way as to make it look *exactly* like a phish?


Let's see what happens next.

Meanwhile, I went to the gov.uk web site (which really is HMRC), and downloaded the latest version of Basic PAYE tools, and I'll install that, because at least I can be sure that it's kosher.

No comments:

Post a Comment