Thursday, May 11, 2017

Phishing Email : CRA Applicant form return of $403.27 CAD

For the record, here's a recent Canada Revenue Agency (CRA) phishing email that is circulating. It was caught by Junk or Spam filters, but maybe not for you.

What to do?

Report these emails and label them as phishing email, not spam, in your online email system (see below).


Report them? 

Report phishing URLs at Google Plex now as well.


Here's the view of the email in your online mail client:

Dear Rob.Hamilton@outlook.com,

After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 403.27 CAD

Please fill the secure tax return form and allow us 2-3 business days to process it
Secure form : http://cra-arg.gc.ca/tax-return/123467890/applicant

(The spam URL shown above actually points to href="http://parkshilton.in/felrvnj/index.php")

Tax Return Number: GB232UUSZ21
Recipient e-mail: Rob.Hamilton@outlook.com



Here's what the http://parkshilton.in/felrvnj/index.php page looks like. It is hosted in the USA but owned by the registrant below.

This information is available for any site through a Whois lookup; https://www.godaddy.com/whois has one.

Domain ID:D5779724-AFIN
Domain Name:PARKSHILTON.IN
Created On:31-Jan-2012 10:59:24 UTC
Last Updated On:02-Apr-2017 18:20:40 UTC
Expiration Date:31-Jan-2018 10:59:24 UTC
Sponsoring Registrar:Mitsu Inc (R158-AFIN)
Status:CLIENT TRANSFER PROHIBITED
Reason:
Registrant ID:BS_10305232
Registrant Name:S P Mohanty
Registrant Organization:SME Consulting Services
Registrant Street1:Fort
Registrant City:Mumbai
Registrant State/Province:Maharashtra
Registrant Postal Code:400001
Registrant Country:IN
Registrant Phone:+22.9320565526
Registrant Email:smeconsulting@live.com
Admin ID:BS_10305232
Admin Name:S P Mohanty
Admin Organization:SME Consulting Services
Admin Street1:Fort
Admin City:Mumbai
Admin State/Province:Maharashtra
Admin Postal Code:400001
Admin Country:IN
Admin Phone:+22.9320565526
Admin Email:smeconsulting@live.com
Tech ID:BS_10305232
Tech Name:S P Mohanty
Tech Organization:SME Consulting Services
Tech Street1:Fort
Tech City:Mumbai
Tech State/Province:Maharashtra
Tech Postal Code:400001
Tech Country:IN
Tech Phone:+22.9320565526
Tech Email:smeconsulting@live.com
Name Server:NS1.RHOSTJH.COM
Name Server:NS2.RHOSTJH.COM



CRA and CDN Anti-Fraud Centre ?


According to Canada Revenue Agency (CRA), it’s important to know that:
  • The CRA never requests, by email, personal information of any kind from a taxpayer.
  • The CRA will never request information from a taxpayer pertaining to a passport, health card, or driver’s licence.
  • The CRA will not divulge taxpayer information to another person unless formal authorization is provided by the taxpayer.
  • The CRA will not leave any personal information on an answering machine.

More information about this scam is available on Canada Revenue Agency’s website. If you’ve been a victim, report it to your local police and to the Canadian Anti-Fraud Centre.

How to tell this is a Phishing email ?


  1. Convert the email view from HTML to text and check for bad URLs.
  2. Hover over every link in the email; if the destination is not the same as the link text, forget it.
  3. The best way is to look at the message source; see below.


How to examine Email Message Source ?


Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow to top right)->Show original.
Then look for phony links.
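
The link check above can also be run against the saved message source. This is an added example, not part of the original post: a small Python script that flags links whose visible text names one host while the href goes to another. The sample HTML is constructed from the two URLs shown in this post, and the function and class names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample built from the URLs in this post (not the real message source).
SAMPLE_HTML = """
<p>Secure form : <a href="http://parkshilton.in/felrvnj/index.php">
http://cra-arg.gc.ca/tax-return/123467890/applicant</a></p>
<p><a href="http://www.example.org/help">Help centre</a></p>
"""

def host_of(text):
    """Return the hostname if text looks like a URL, else None."""
    text = text.strip()
    if "://" not in text:
        if not text.lower().startswith("www."):
            return None          # plain words such as "Help centre"
        text = "http://" + text
    host = urlsplit(text).hostname
    return host.lower() if host else None

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html):
    """Return (displayed host, real host) pairs where the two differ."""
    audit = LinkAudit()
    audit.feed(html)
    flagged = []
    for text, href in audit.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            flagged.append((shown, actual))
    return flagged
```

Links whose visible text is not a URL (for example "Click here") are not flagged by this check, so their hrefs still need to be read by eye.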


Report Phishing Email (not as Spam)


  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 


Report phishing at Microsoft and government agencies


  1. https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx

