Inland Revenue phishing attack just the 'peak scam' of the moment says Netsafe
Tuesday, 23 July 2019
A phishing attack that is designed to scam people who are expecting Inland Revenue refunds appears to be the 'current peak scam' but is not otherwise unusual, says Netsafe chief executive Martin Cocker.
Inland Revenue sounded the alarm on Monday after 900 scam emails that were addressed to make them appear to have come from the department were reported to it over the weekend.
The number of reports, which had since grown to more than 2000, led Inland Revenue to conclude the phishing attack was widespread.
The emails advise people they are due a tax refund and attempt to trick them into visiting a website and disclosing their credit or debit card details and other personal information.
Inland Revenue said the scam emails cited fake IRD numbers and did not make use of personal information held by Inland Revenue, indicating it had not been subject to any data breach.
'We have not seen any examples where the IRD number has been right,' Inland Revenue spokeswoman Gay Cavill said.
The department has previously drawn attention to other phishing scams sent out in its name, including one in December and another in 2017 that it also labelled 'particularly sophisticated'.
Cocker said Inland Revenue was not to blame and there was little it could do to prevent scammers from impersonating the department in phishing emails.
'The reality is IRD is always going to be a target for scams because it does fine people and pay out refunds, so the first premise of the scam communication that the IRD is contacting you about one of those two things is reasonable and believable.'
Inland Revenue had also gone through a system change which meant it looked different to deal with, which increased the opportunity for scammers, he said.
'They have to go through systems changes. It does make them a little bit vulnerable but it is not at all their fault.'
At least two people have now reported falling for the latest scam, but Cocker said 'success' rates for phishing scams did not tend to be high.
'Often these scams are widely circulated but they don't necessarily lead to significant losses, and this could well be in that category.'
Despite Inland Revenue's description of the latest scam as sophisticated, Cocker said it did not appear to be 'particularly different' from other phishing scams, which are run-of-the-mill for most email users.
'I haven't dug deep into it, but it looks like a pretty standard sort of attack to me,' he said.
Cavill said 2000 people had now reported receiving the phishing emails, but Inland Revenue assumed that would only be a small fraction of the total number who had received them.
'Most people will have ignored or deleted the email rather than reporting it.'
Inland Revenue had managed to get the webpage that the scam messages initially linked to taken offline, but new scam webpages to harvest victims' credentials had sprung back.
Cavill said the links in the emails changed all the time.
'Often the links come back up again and we get them taken down again. This is an ongoing battle.'
The scam webpages were hosted 'all over the place', often on websites that had been hacked, and Inland Revenue did not know the source of the scam.