Over the past 24 hours Topsec Engineers have noticed a massive spike in the number of the below Revenue Phishing emails which appears to come from revenue.ie. The email claims that the receiver is due a tax refund and must submit a Form 12 urgently. Conveniently, there is a “link” to the Form 12 in the email.
However, this is not the case, these emails are not from Revenue. Someone has simply spoofed the revenue.ie domain and is looking to phish unsuspecting persons for sensitive information to use for their own financial gain. As you can see below, the link to the Form 12 is not to the Revenue’s website (as would be expected) but to a bogus landing page where you will be prompted to share sensitive information. Sometimes these links (when clicked) can download malicious software onto your machine so it is advised to never click links within emails which are unexpected or from unknown senders.
Topsec have put several measures in place to block these emails for our customers, however these types of emails which appear to come from revenue.ie are very common and appear in the media regularly. The reason hackers can spoof the revenue.ie domain is due to the fact that Revenue have a soft fail SPF in place. However, if they put a hard fail SPF in place, this would eliminate the ability to spoof the revenue.ie domain. We recommend that all our customers have hard fail SPF records in place.
With regards to similar previous email scams, Revenue has said they never send emails requiring customers to send personal information via email.
“Anyone who receives an email purporting to be from Revenue and suspects it to be fraudulent or a scam should simply delete it,” they said. “Anyone who is actually awaiting a tax refund should contact their local Revenue Office to check its status.
“Anyone who provided personal information in response to these fraudulent emails should contact their bank or credit card company immediately.”
It said people should note that their email addresses can often be found from publicly available sources, or randomly generated.
“Therefore, if you receive a fake email that appears to be from Revenue, this does not mean that your email address, name or any other information has been gathered from Revenue’s systems,” they added.
What to do if you receive these Scam Revenue Emails:
Revenue says that steps that taxpayers can take to ensure their online safety include:
- Revenue does not recommend sending personal information by e-mail. Revenue’s secure online enquiry facility, called MyEnquiries, is a structured online contact facility that allows customers to securely send and receive correspondence to and from Revenue, instead of using e-mail. Agents can also submit queries on behalf of their clients. New users can register for MyEnquiries on revenue.ie.
- Anyone who receives an e-mail purporting to be from Revenue and suspects it to be fraudulent or a scam should simply report it to 'firstname.lastname@example.org' and delete it.
- Anyone who provided personal information in response to a phishing e-mail should contact their bank or credit card company immediately and report the matter to Gardai.
- Anyone who is awaiting a tax refund should contact their local Revenue Office to check its status.
- Anyone who receives an e-mail demanding payment of tax about which they have any doubt, should contact our Collector General's Division (1890 20 30 70).