Phishing Trio: HMRC, TV Licensing and Scams Phish For Sensitive Data in the UK

This week, Bitdefender researchers spotted a phishing trifecta targeting hundreds of British citizens with fraudulent emails impersonating Her Majesty’s Revenue and Customs (HMRC), and TV licensing. These separate phishing campaigns appear to be the work of a single group, with most of the fake emails sent from the same IP address in Nuremberg, Germany.

Claim your income tax return here

The first wave of phishing emails impersonating Her Majesty’s Revenue and Customs dropped June 22, landing in Inboxes across the UK and Ireland.

In the sample below, fraudsters try to persuade the recipient to claim his tax return of over £3,700 by offering a 24-hour window in which he needs to sign up to a government website.

Users who naively access and provide their data risk account hijacking, financial loss and identity theft.

Bitcoin payment received

The second runner-up of this phishing trio targets cryptocurrency aficionados who have set up an account on, a well-known cryptocurrency blockchain explorer and crypto wallet service. The cyber-crooks use subject lines such as “Bitcoin Payment Received” to lure targets.

In the sample below, one lucky user received a bitcoin transaction valued at over $55,000. Recipients are urged to access a link and log in into their accounts to view additional details of the transaction. Unfortunately, by doing so, the user hands their credentials to the cyber crooks, who can then drain their account.

Something’s gone wrong with your TV licensing payment

Third runner-up in this fraudulent scheme is a phishing campaign masquerading as a payment notification from

The message announces to recipients that their latest TV license payment could not be debited from their account. If users do not sign into their online account and pay using a debit or credit card, they risk losing their license. Additionally, their information will be transferred to a debt collection agency. “To change your payment method, have a look at all your options,” the message reads. “So, all you need to do is make sure there’s enough money in your account.

Or , if you prefer to pay the missed amount now, you can sign in online and pay using your debit or credit card. While you’re signed in, please make sure we have your correct bank details.”

Cybercriminals are clearly interested in all kind of user’ data, from account credentials, credit card numbers and assortment of personally identifiable information that can be used to fuel fraud and other identity-theft related crimes.

To protect your personal and financial data, always check the sender’s email address and hover on any embedded links to check the name of the website you’re supposed to access or login into.

Remember, some cybercriminals are not English proficient, so ma sure you read the emails carefully and look for any spelling and grammatical mistakes.

As a rule of thumb, always be suspicious of unsolicited email correspondence, and never provide sensitive or banking information to anyone.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top