{"id":18856,"date":"2022-04-25T13:10:11","date_gmt":"2022-04-25T21:10:11","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/04\/25\/news-12589\/"},"modified":"2022-04-25T13:10:11","modified_gmt":"2022-04-25T21:10:11","slug":"news-12589","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/25\/news-12589\/","title":{"rendered":"Watch out for this SMS phish promising a tax refund"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 25 Apr 2022 20:52:38 +0000<\/strong><\/p>\n

Imagine logging into your bank\u2019s website after responding to a text message claiming you\u2019re due a refund, only to see a warning to watch out for bogus texts:<\/p>\n

\n
\"\"
Beware of SMS phishing!<\/figcaption><\/figure>\n<\/div>\n

For those who don’t read Dutch, the warning reads:<\/p>\n

\n

Never respond to unusual emails or texts!<\/p>\n

Fraudsters often send e-mails under the guise of renewing your debit card or digipas. Never go into that. They refer to websites that are not owned by Argenta. Argenta will also never ask you to provide your card number by telephone because you will allegedly receive a new debit card or digipas.<\/p>\n

Do you still receive suspicious messages?<\/p>\n

Have you already passed on codes over the phone? Or has money already been withdrawn from your account? Please contact us immediately on (available 24\/7 for victims of phishing).<\/p>\n<\/blockquote>\n

The warning above is genuine, on a real bank’s website. But the warning, in this case, comes too late because this is the last and only legitimate stop in a victim’s passage through a phishing scam.<\/p>\n

The bogus SMS trail begins<\/h2>\n

Here\u2019s one of the suspect SMS messages<\/a>, as tweeted by Twitter user @ypselon:<\/p>\n

\n

it has been decided that you will receive a refund. to receive this amount you can visit our website [url removed]<\/p>\n<\/blockquote>\n

The text claims to be from \u201cFOD\u201d. This is the Federale Overheidsdienst Financien<\/a> in Belgium. The suspect URL includes a domain registered just this month (often a red flag), in India, rather than Belgium.<\/p>\n

Visiting the site presents you with a message that says:<\/p>\n

\n
\"\"
A fake FOD website offering fake refunds<\/figcaption><\/figure>\n<\/div>\n
\n

Refund:<\/p>\n

In order to receive a refund of your personal income tax, you must verify your account so that we can transfer the full amount of \u20ac278.35 to the correct account.<\/p>\n

It is important to carry out a one-time verification as a check. Afterwards you will receive the amount on your account within a few working days.<\/p>\n<\/blockquote>\n

For “one-time verification” read “send us money”.<\/p>\n

We all love a tax refund so it\u2019s an effective hook to lure in potential victims. Continuing reveals a large assortment of banks commonly used in Belgium.<\/p>\n

A slippery phish<\/h2>\n

The scam site includes customised pages for each popular bank. Some ask for card details, others for account numbers. All are fake, all are trying to hoover up information that can be used to steal your money.<\/p>\n

\n
\"\"
A phishing site asks for credit card details for a “one-time verification”<\/figcaption><\/figure>\n<\/div>\n

No matter which route you go down, entering your details will neither verify your identity nor secure you a tax refund. But all will leave you poorer and eventually redirect you to your bank\u2019s real website (where you might encounter a warning about falling for scams like the one you’ve just fallen for).<\/p>\n

At this point, your only option is to contact the bank for real, and tell them what\u2019s happened. If you’re lucky, you may be able to have them shut things down. If not, days or weeks of hassle might lie in wait. <\/p>\n

Faking it to make it<\/h2>\n

Fake tax refunds are hugely popular. They\u2019re especially rampant during (or immediately following) any tax season. The Federale Overheidsdienst Financien has some advice<\/a> for avoiding scams like this..<\/p>\n