Font Size: A A A

Home > Security Products > Cyber > Mailshots pretend to be offers for tax refunds


Mailshots pretend to be offers for tax refunds

Mailshots pretending to be offers for tax refunds are sent worldwide, often as a deadline for filing tax returns and refunds approaches in countries. Criminals may be trying to steal valuable information, or in some cases, install dangerous spyware, according to a quarterly report by the cyber security firm Kaspersky.

Spam and phishing malicious letters usually contain links that lead users to a seemingly legitimate web-page, created by fraudsters and aimed at stealing various types of personal information. These mailshots often exploit seasonal activities to strike victims harder than usual fraudulent tricks, as there is less awareness around them compared to permanent threats. In the case of temporary disguises, scammers can use one of the most effective social engineering techniques – giving a limited amount of time to act, justifying it with the real-life circumstances, and therefore tilting the victim towards making spontaneous decisions, the firm says.

A detected wave of tax refund fraud came under the guise of tax refund letters with short expiration dates. For instance, malefactors used fake major UK tax services to urge victims to follow the link and fill out the form immediately, while emails under the guise of the CRA (Canada Revenue Agency) were giving the recipient just 24 hours to respond, to claim a tax refund.

Maria Vergelis, Security Researcher at Kaspersky said: “Seasonal spam and phishing can be extremely effective, since the emergence of such letter in a mailbox is sometimes wished and expected, unlike most “unique offer” – type scams. Moreover, with phishing attacks, the tricked victim might not even realise that it was subjected to a cyberattack and had exposed their credentials or email until it is too late and they suffer from the consequences. The good news is that there are security solutions that not only block malware from being launched and notify the user about the threat, but also have spam and phishing filters that prevent such emails from appearing in an inbox.”

To avoid exposing your personal information and being affected by malicious attachments, users are advised to always check the link address and sender’s email before clicking on anything sent to them; and check if the link address can be seen in the email and is the same as the actual hyperlink (the real address the link will take you to). This can be checked by hovering your mouse over the link.

Read the full report on


Related News