Story image

120 reports in 12 hours: Kiwis hit by IRD tax refund scam

25 Aug 2017

Inland Revenue has issued an urgent warning about a tax scam that has caught many people off guard today.

The agency has received about 120 calls in the last 12 hours alone about the scam, which purports to be from Inland Revenue.

According to a statement from Inland Revenue, the email and attached form look ‘very convincing’.

The phishing scam’s sender address “appears as “Inland Revenue Department” but is actually sent from IRDxxxxx@s1.nzr.review. The address is false, but looks convincing to the layperson’s eye,” a statement from Inland Revenue says.

“A form comes as an attachment called TaxReturn.HTM. Again it looks convincing but is fake and designed to collect personal and credit card data,” the statement continues.

Inland Revenue strongly warns recipients not to open the attachment.

If you have clicked on the form and submitted any personal or credit card data please contact your bank immediately.  We also recommend you contact IDcare (http://www.idcare.org or phone 0800 201 415).

People can also notify Inland Revenue at phishing@ird.govt.nz

The content of the phishing email is below:

From: "Inland Revenue Department" <IRDny621@s1.nzr.review> Date: 24 August 2017 at 17:41:31 GMT-6 To:  Subject: IRD Refund Status (IRD-1G993) Inland Revenue Department (IRD) 25-August-2017 As you were informed, we have determined that you should receive a tax refund. We have tried to process your refund however, the transaction has not been authorized. Possible reasons are: - Your financial information has been changed or updated; - Error with your personal information (e.g. misspelled name or address). To receive your tax refund, please follow next steps: - Save the attached tax return form and open it in a web browser (e.g. Safari, Firefox or Chrome). - Once opened, you will be provided with the steps to complete and submit your tax return form. Please allow up to 28 days for your refund to be processed. In the meantime, if your financial details are changed, please resubmit the form. If you can't download, open or submit the form, please try using a different browser. Andrew Allen Inland Revenue Department Message ID: IRD029 This mailbox is not monitored and you will not receive a response before to submit the form. To Unsubscribe from future notifications, reply to this email with Unsubscribe in the subject line.

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.