First published: 24th May 2018
Phishing emails claiming to be from Hong Kong's Inland Revenue Department (IRD) have been received by a number of people in Hong Kong.
The message, with sender's address firstname.lastname@example.org, referred to changes in the 2018-2019 budget and asked the recipient to update their tax information using the attached PDF. The attached PDF, called UPDATE-TAX.pdf, uses the same design as the real IRD website and has a "Log In" button which is a link to http://jaredheld.ml/IRSHK/ . The web page also copies the IRD website, and has a login form asking for email address and password. If details are entered, the fake page redirects to the real IRD page.
This is the second incident this year involving an IRD-branded phishing attack; the first, at the beginning of March, claimed to offer a tax refund. The fraudulent messages could have been prevented from reaching at least some recipients if the Hong Kong Government had changed its SPF policy to '-all', a hard fail, as recommended in our previous article.
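The difference between a hard fail and weaker SPF policies can be checked from a domain's published TXT records. The following is an added example, not part of the original article: it classifies the terminal "all" mechanism of an SPF record, and the records and the names spf_all_policy and is_hard_fail are constructed for illustration, not taken from any government domain.

```python
# Added example: classify the terminal "all" mechanism of an SPF policy.
# All records used here are constructed samples, not real published records.

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_all_policy(txt_records):
    """Return (result, note) for the 'all' mechanism in a domain's TXT records."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return ("none", "no SPF record published")
    if len(spf) > 1:
        # RFC 7208 section 4.5: more than one record is a permanent error
        return ("permerror", "multiple SPF records")
    redirect = None
    for term in spf[0].split()[1:]:
        t = term.lower()
        if t.startswith("redirect="):
            redirect = t.split("=", 1)[1]
        # A mechanism may carry a qualifier prefix; a bare "all" means "+all"
        qualifier, mech = (t[0], t[1:]) if t[0] in QUALIFIERS else ("+", t)
        if mech == "all":
            # Terms after "all" are never evaluated and redirect= is ignored
            return (QUALIFIERS[qualifier], f"terminal mechanism {qualifier}all")
    if redirect:
        return ("redirect", f"policy is taken from {redirect}")
    # No "all" and no redirect: unmatched senders get the default result
    return ("neutral", "no 'all' mechanism; default result is neutral")

def is_hard_fail(txt_records):
    """True only when unlisted senders get a hard fail ('-all').
    The receiving server still decides what to do with that result."""
    return spf_all_policy(txt_records)[0] == "fail"

if __name__ == "__main__":
    samples = {  # constructed records
        "softfail": ["v=spf1 ip4:192.0.2.0/24 ~all"],
        "hardfail": ["v=spf1 ip4:192.0.2.0/24 -all"],
        "no-all": ["v=spf1 mx"],
    }
    for name, records in samples.items():
        print(name, spf_all_policy(records), is_hard_fail(records))
```

Only the "hardfail" sample gives receiving servers an unambiguous signal that mail from an unlisted sender is unauthorised; the other two leave the decision open.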