HMRC Emails

[John15]

I've had several scam emails from 'HMRC' recently saying I'm due a refund.

John

 

[SteveF]

i assume with a link to open

just be aware there is a very nasty virus going around at the moment
locky or crypto
it is ransomeware and will destroy via encryption every file you have

not nice

Steve

 

[dexter]

I had the same last week, binned it straightaway. Had a couple of PayPal ones as well about unusual activity on my account. Seeing as how I've not used PayPal for years they got the same treatment.

 

[Sheptonphil]

i assume with a link to open

just be aware there is a very nasty virus going around at the moment
locky or crypto
it is ransomeware and will destroy via encryption every file you have

not nice

Steve

See two or three of the locky infections a week at the moment, every document, picture and music file locked. Only way forward is to totally wipe the hard drive and start again. Make sure you keep a backup of all important files on an external device.

The cost to allegedly unlock the files is three or four bitcoin. But, three bitcoin cost £1200, not traceable and no guarantee then you will get an unlock code. Hence its called ransom ware.

I run a very small, simple batch file to incrementally do a backup, so each time now it takes mere seconds to run. There is no need to run these norton type backups gag clone the whole computer, take an hour plus and are generally not that easy to restore for the average user.

Phil

 

[RogerS]

Phil

Just so's I understand what's going on with these two or three infections. Have these people not heard of programs like Norton etc ? Or do these ransomware bugs get in via a different vector that Norton don't pick up on ?

 

[SteveF]

2 ways i know of

via opening a scam email
insecure computer via remote desktop
antivirus software doesn't care if u want to open a dodgy email

where are your backups going Phil?

if it is a mapped drive then say goodbye to them too

Steve

 

[RogerS]

2 ways i know of

via opening a scam email
insecure computer via remote desktop
antivirus software doesn't care if u want to open a dodgy email

where are your backups going Phil?

if it is a mapped drive then say goodbye to them too

Steve

My understanding was that if it was a dodgy email the Norton would pick it up.

Insecure computer....well, that's what AV software is for, surely ?

 

[Ali]

Is this a ukworkshop thing? Just received a message saying I'm owed £336 with a link to some phising page no doubt

 

[SteveF]

far from a ukworkshop thing
I have had 11 clients faced with this issue
all but 1 I have resolved, which was my inefficiency to protect this one
I have "someone" trying to fix this for me

Steve

 

[Sheptonphil]

Phil

Just so's I understand what's going on with these two or three infections. Have these people not heard of programs like Norton etc ? Or do these ransomware bugs get in via a different vector that Norton don't pick up on ?

It's not picked up by antivirus programmes as it is not an infection as such, merely a script that adds encryption to the user files. With the correct 'key' the files would be in the same state as before, so in essence nothing malicious is happening.

By external storage I mean totally detached when not being used, like a USB type, not NAS storage or even a second drive or partition in the same computer.

Phil

 

[SteveF]

luckily i have most clients with a nas that is not mapped and the backup uses url
also have the recycle bin enabled on them

just this 1 damn client that knew better and mapped the drive so could monitor backup

grrrr

Steve

 

[DrPhill]

I got one today. I am impressed with the quality: .

The give-aways for me

• No evidence they know who I am (no name/postcode/account number
• the link for the main 'click me' was not the official one, but a dam good try: redir.tax.reffund.co.uk.
• The revenue don't owe me any money

The domain 'reffund.co.uk' is not registered. What is the scam here as they cannot receive the clicks?

 

[RogerS]

Phil

Just so's I understand what's going on with these two or three infections. Have these people not heard of programs like Norton etc ? Or do these ransomware bugs get in via a different vector that Norton don't pick up on ?

It's not picked up by antivirus programmes as it is not an infection as such, merely a script that adds encryption to the user files. With the correct 'key' the files would be in the same state as before, so in essence nothing malicious is happening.

By external storage I mean totally detached when not being used, like a USB type, not NAS storage or even a second drive or partition in the same computer.

Phil

Norton claim to trap this stuff. So, if they do, then leaving aside Zero-Day attacks then how come PC's get infected? Either Norton are telling porkies or some PC users still haven't got the message about AV programs in which latter case they deserve what they catch.

 

[DrPhill]

Thank you for letting us know about the suspicious email you have received. We can confirm that this is a scam, and was not issued by HMRC.

Our specialist team will investigate and take the necessary action. Whilst we cannot inform you of the outcome of these investigations I can confirm that we do act on each submission we receive.

HMRC will never send notifications of a tax refund or ask you to disclose personal or payment information by email.