The German Federal Ministry of Finance has issued a warning about fake emails that promise a tax refund. To receive the refund, the only thing the victim, ehm, excuse me, the taxpayer has to do is submit quite a lot of personal data through an HTML form that is attached to the email.
One noticeable fact is that the amount of money granted (EUR 378.25) seems pretty reasonable and actually lends the mail more credibility than the countless Nigeria scam mails we've seen, which promise thousands and millions of Euros or Dollars.
But even though German officialese can drive you nuts at some point, this email makes it even worse. Some phrases are just odd, and one gets the impression that the translation went wrong, even though, compared to the mass of spam mails, this one is definitely more sophisticated.
Looking at the attached HTML document, we notice that the German Federal Ministry of Finance implemented an effective way of warning the potential victims. As the spammers copied the HTML code of the ministry's website, their form loads the original photos from it. The ministry reacted and replaced the original photos with tagged ones:
This is the photo displayed in the HTML form after the ministry changed its website’s HTML code. A clever initiative to spread a genuine warning within a fake data submission form!
The phishers implemented a CGI script that most probably sends the data to their servers. The script is not available anymore; it was hosted on a website that was most probably compromised to host the script and has since been cleaned.
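The structure described above (images taken from the impersonated site, form data submitted to a script on an unrelated host) can be checked for in an HTML attachment. The following is an added example, not code from the original post; the host names, field names and sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormAudit(HTMLParser):
    """Collect image hosts, form action URLs and input field names."""

    def __init__(self):
        super().__init__()
        self.image_hosts, self.actions, self.fields = set(), [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            host = urlparse(a["src"]).hostname
            if host:
                self.image_hosts.add(host)
        elif tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag in ("input", "select", "textarea") and a.get("name"):
            self.fields.append(a["name"])


def audit_attachment(html):
    """Flag forms that post to a host none of the page's images come from."""
    p = FormAudit()
    p.feed(html)
    p.close()
    # Relative actions have no hostname and are ignored here.
    foreign = [u for u in p.actions
               if urlparse(u).hostname
               and urlparse(u).hostname not in p.image_hosts]
    return {"image_hosts": sorted(p.image_hosts),
            "foreign_form_targets": foreign,
            "fields": p.fields,
            "suspicious": bool(p.image_hosts and foreign)}


# Constructed sample: images hotlinked from the impersonated site,
# form posting to a CGI script on a different (placeholder) host.
SAMPLE = """<html><body>
<img src="https://www.ministry.example/img/header.jpg">
<form method="post" action="http://compromised-host.example/cgi-bin/form.cgi">
<input name="full_name"><input name="iban"><input name="card_number">
</form></body></html>"""

if __name__ == "__main__":
    print(audit_attachment(SAMPLE))
```

A mismatch between image host and form target is only a heuristic, but it matches this case exactly and costs nothing to evaluate on a mail gateway.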
The German Federal Ministry of Finance explains that so-called notices of amendment would never be sent by email and bank account details would never be asked for in this way. Furthermore, the German Federal Ministry of Finance is not responsible for issuing notices of amendment; this is done by the respective tax offices.
Useful rules of conduct: