Revenue.ie – Email Scam !

This one is really convincing – when you open the link it opens a page on your desktop browser (not online) they use the correct font colours and logo and so it seems legitimate so how do you know its not real ?

  1. As with all official bodies Revenue.ie DO NOT send refund emails – it is all done through their website where you have to login etc..
  2. They are looking for Credit Card Details or bank account Details – This is what the scam is all about – you handing over the card numbers and security details will allow the scammer to use your card to purchase goods or transfer cash.
  3. The English used in the email although accurate, is lacking the tone of an official email. ( Dear “Applicant” is an incorrect term and referring to the tax return form as “it” is not specific enough for official guidelines.

Revenue.ie are aware of this scam and have posted a page on their website here : http://www.revenue.ie/en/spotlights/email-scam.html

What to do ?

  1. Delete the message – report it to revenue.ie
  2. If you have already filled in the form – contact your bank and credit card company immediately 

Screen Shot 2016-01-28 at 10.17.27

Screen Shot 2016-01-28 at 10.03.13

 

Lets have a look at the code in the Form see can we get any clues of the origin of this page.


How they managed the accurate style : The style is being imported directly from The real Revenue Website

Screen Shot 2016-01-28 at 10.24.28


The Form : the we can see below where the form information is being sent to once completed :

Screen Shot 2016-01-28 at 10.27.42


When you I go to this address it leads to revenue.ie home page (this bit is set up in the code so that you are convinced that it was sent to correct website)

When I go to the home page of the website link it is just a normal website – Which I presume their Joomla built website has been hacked ! and they setup this Revenue form without the owners knowing.

It seems there website is offline but – I will notify them by email.

Screen Shot 2016-01-28 at 10.31.39