Fake HMRC Notice of Underreported Income

Several months ago I wrote an alert
about cybercriminals targeting US taxpayers who were supposed to e-file
their previous year tax return. As the Self Assessment Tax Return and Pension Schemes
Filing deadline are knocking at the doors of the UK taxpayers, it looks like the
malware dissemination scheme simply crossed the ocean and start endangering the
unsuspecting subjects of Her Majesty.

The unsolicited message used as bait – which requires the users
to review their underreported income statement – is identical with the one
previously used to deceive IRS recipients, as you can see below:

The alleged customized link does not lead towards Her
Majesty Revenue & Customs’ Web site, but to Web page (registered on a
Tuvalu islands – .tv – domain), which
mimics a personalized download location, employing several visual
identification elements of the original site (registered on gov.uk
domain), such as the logo, header or formatting elements.

The page also provides a link of a purported tax statement that the user
should download and execute. However, upon clicking the user does not receive
an e-form, but a cocktail of malicious payloads, employed earlier this week in another
malware campaign using Microsoft