Inland Revenue has been impersonated through a new round of “sophisticated” email scams hitting New Zealand inboxes, attempting to extract user credit card information.
In an advisory note to Kiwis, IRD said the email states that the recipient is due a large tax refund, followed by a link connected to a new website where the money can supposedly be claimed.
According to Doug Hammond - chief information security officer of IRD - the email appears “very convincing” but a few key details show that the message is a fake.
“Firstly look where the email is from,” Hammond explained. “If it doesn’t come from an address that ends with ird.govt.nz then be very suspicious.
“Secondly look at the link where they are trying to direct people to claim the refund. Hover over the link with your mouse and make sure the web address is for a real Inland Revenue website. Don’t click on it.
“We send out emails all the time but customers should be aware what a fraudulent one looks like.”
Hammond said this particular scam has been “quite prevalent lately”, with the IRD receiving around 700 notifications during the past week.
“The same scammers look to be making multiple attempts to lure unsuspecting customers and have been using the same messaging sent from a number of email addresses,” Hammond added.
“We would never send anyone an email with a hyperlink to a webpage that asks you to submit your personal information so be vigilant about any correspondence with those instructions.”
Hammond said any user who has received the email - or any other suspicious lines of messaging - should notify the IRD at firstname.lastname@example.org.
The scam comes five months after revelations that thousands of IRD files were locked up after New Zealand's tax department became the target of a crypto-locking attack.
In February, IRD said that in addition to the phishing emails targeting customers, the department also regularly receives phishing emails attempting to obtain money or information or to compromise the Inland Revenue environment.
"In November 2017, a link in a phishing email was clicked on resulting in a cryptolocker malware executing within Inland Revenue which encrypted 3500 files," a statement to Parliament's Finance and Expenditure Committee said.
IRD told Reseller News at the time that the attack occurred in November 2016, not 2017 as it told the committee.
The files were recovered from back-up and no Inland Revenue data was lost or compromised, IRD said in response to questions during the department's annual review.