5 Dec 2007

Fake HM Revenue & Customs site

So far I have been contacted by phishers using sites that look like eBay, PayPal, Amazon.com and Maybank.

The latest one is from a site that masquerades as the HM Revenue & Customs site. Here's the email I received:

from HM
to ahoklah@gmail.com,
date Dec 1, 2007 2:15 PM
subject HM Revenue & Customs - Notification


Please Note: After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of:

£2195

Please submit the tax refund request and allow us 15-30 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund,click here

..........................

On clicking the link, I was led to this site which was automatically identified by my Firefox browser as a suspected scam site.



The URL of the site led me to Framingplace.net. I tried to find out more about the site and got the following information:

Current Registrar: TUCOWS INC.
IP Address: 66.51.113.156 (ARIN & RIPE IP search)
IP Location: CA(CANADA)-ALBERTA-EDMONTON
Record Type: Domain Name
Server Type: Apache 1
Lock Status: clientDeleteProhibited
Web Site Status: Active
DMOZ no listings
Y! Directory: see listings
Web Site Title: The Framing Place & Gallery
Meta Description: The Framing Place and Gallery is your resource for art and frames.
Meta Keywords: frames, framing place, group of seven, group of 7, bought, buy, purchase, art, paintings, prints, reproductions, framing, oils, prints, canada, canadian, algonquin park, algonquin art, algonquin artists, huntsville, ontario, muskoka, muskoka art, muskoka
Secure: No
E-commerce: Yes
Traffic Ranking: Not available
Data as of: 25-Apr-2006


Digging further ....

Registry Whois

OrgName: Tera-byte Dot Com Inc.
OrgID: TRBY
Address: Terminal Level
Address: 10004-104 Ave
City: Edmonton
StateProv: AB
PostalCode: T5J-0K1
Country: CA

ReferralServer: rwhois://rwhois.tera-byte.com:4321/

NetRange: 66.51.96.0 - 66.51.127.255
CIDR: 66.51.96.0/19
NetName: TERA-BYTE-2
NetHandle: NET-66-51-96-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.TERA-BYTE.COM
NameServer: NS2.TERA-BYTE.COM
NameServer: NS3.TERA-BYTE.COM
Comment: Reassignment information for this block is available at:
Comment: rwhois.tera-byte.com 4321
RegDate: 2000-12-26
Updated: 2002-12-12

RTechHandle: NO58-ORG-ARIN
RTechName: Network Operations Centre
RTechPhone: +1-780-413-1868
RTechEmail:

OrgAbuseHandle: NO58-ORG-ARIN
OrgAbuseName: Network Operations Centre
OrgAbusePhone: +1-780-413-1868
OrgAbuseEmail: noc@tera-byte.com

OrgNOCHandle: NO58-ORG-ARIN
OrgNOCName: Network Operations Centre
OrgNOCPhone: +1-780-413-1868
OrgNOCEmail: noc@tera-byte.com

OrgTechHandle: NO58-ORG-ARIN
OrgTechName: Network Operations Centre
OrgTechPhone: +1-780-413-1868
OrgTechEmail: noc@tera-byte.com


Better be careful.
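
As an added example (not part of the original post): a short Python script that parses the ARIN record quoted above, confirms that the IP address serving the fake page lies inside the listed block, and picks out the abuse contact the page can be reported to. The function names are my own, and the sample text is an excerpt of the record above with one constructed debris value.

```python
import ipaddress
import re

# Excerpt of the ARIN record in the post. The RTechEmail value is a constructed
# stand-in for markup debris that scraping can leave where an address was.
WHOIS_TEXT = """\
OrgName: Tera-byte Dot Com Inc.
ReferralServer: rwhois://rwhois.tera-byte.com:4321/
NetRange: 66.51.96.0 - 66.51.127.255
CIDR: 66.51.96.0/19
RTechEmail: &email=0' border='0'>
OrgAbuseEmail: noc@tera-byte.com
OrgTechEmail: noc@tera-byte.com
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_whois(text):
    """Return {field: [values]} for 'Field: value' lines; repeated fields are kept."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def abuse_report_target(record, host_ip):
    """Check that host_ip is inside the record's block and pick where to report."""
    ip = ipaddress.ip_address(host_ip)
    nets = [ipaddress.ip_network(c.strip())
            for v in record.get("CIDR", []) for c in v.split(",")]
    covering = [n for n in nets if ip in n]
    if not covering:
        raise ValueError(f"{host_ip} is not in this record's address block")
    # Abuse contact first, then fallbacks; skip values that are not addresses.
    contacts = []
    for field in ("OrgAbuseEmail", "OrgNOCEmail", "OrgTechEmail", "RTechEmail"):
        for value in record.get(field, []):
            if EMAIL_RE.match(value) and value not in contacts:
                contacts.append(value)
    return {
        "org": record.get("OrgName", ["?"])[0],
        "network": str(max(covering, key=lambda n: n.prefixlen)),
        "contacts": contacts,
        "referral": record.get("ReferralServer", [None])[0],
    }

if __name__ == "__main__":
    print(abuse_report_target(parse_whois(WHOIS_TEXT), "66.51.113.156"))
```

The `referral` value is the rwhois server the record names for reassignment details within the block.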
