September 17, 2014 Leave a comment
Are we all getting €138.50 back from the taxman? No. But scammers with an Italian link are trying to convince Irish recipients they’re legit by sending a mail as Gaeilge.
ESET Ireland has detected many samples of an email, targeting Irish mailboxes, which has a subject “Tax Refund Application” and reads:
From: Revenue – Irish Tax <firstname.lastname@example.org>
Revenue – Cin agus Custaim na hireann
Tar is na romhanna bliantil deireanach de do ghnomhaocht fioscach, n mr dinn a chinneadh go bhfuil t i dteideal a fhil ar aisoc cnach de € 138.50 EUR. Cuir do Iarratas Aisoc Cnach ag lonadh an eForm135. Beidh do aisoc a chur chuig do chuntas bainc sa 2-4 seachtaine seo chugainn.
Nta: Is fidir aisocaocht a moill ar chiseanna agsla, mar shampla, a chur isteach taifid neamhbhail n a bhfuil feidhm i ndiaidh an spriocdhta.
Revenue – Irish Tax and Customs
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of € 138.50 EUR. Complete your Tax Refund Application by filling the eForm135. Your refund will be sent to your bank account in the next 2-4 weeks.
Note: A refund can be delayed for various reasons, for example submitting invalid records or applying after the deadline.
The email prompts potential victims to fill a form, which, unsurprisingly, leads to a website at http://www.comunespoleto.gov.it, which is an Italian address, then redirects to an Australian-hosted fake website, registered in USA, equipped with all the official markings of Irish Tax and Customs, which asks for personal, bank and card details, which the scammers can then rob.
Any Irish speaker would quickly recognise the translation as a poor Google Translate job, and the scammer’s sloppy copy-paste even removed all the accented characters from the text, which makes it rather useless, but an average unfamiliar user could still be fooled by the fact the mail and forged website are rather official-looking. Phishing mails like this one, using a relatively rare language to address potential victims, show how the cybercriminals are targetting even small countries, just for a chance of profit. The long global path of the scam (Irish targets via Italian link via Australian site with an American site registration) on the other hand shows the complexity of the global business that is cybercrime.
ESET Ireland recommends Irish computer users be on the lookout for scams like this one. Do not reply to the email, do not follow its bad links and never ever give your personal and banking details to such online forms.
by Urban Schrott, IT Security & Cybercrime Analyst, ESET Ireland