VAT Email - SPAM/Virus/Phishing alert

Log in to reply
E

EDRIAT

Free Member
Oct 3, 2011
101
24
  • #1
    Hello all,

    I've just received an email with the subject, "Successful Receipt of Online Submission for Reference 508738366"

    The body of the email was:

    Thank you for sending your VAT Return online. The submission for reference 508738366 was successfully received on 2013-05-16 T10:48:26 and is being processed. Make VAT Returns is just one of the many online services we offer that can save you time and paperwork.

    For the latest information on your VAT Return please open attached report.

    The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free.

    Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
    Click to expand...

    Disappointingly my Norton 360 email filtering doesn't appear to believe that this is anything untoward, but, I haven't been registered for vat for about 4 years now so I'm pretty certain that something isn't quite right.

    If it is something dodgy then I'm pretty sure I won't be the only one getting one of these.

    Be careful!
     
    S

    Subbynet

    Free Member
    Aug 1, 2005
    6,000
    1,101
    45
    Luton
  • #2
    I would forward this to the HMRC. The reason being if its spammy you can normally find other people complaining about the same e-mail, whereas I can't find any other references to this using Google.

    So, just to be on the safe side, I think you should contact HMRC to let them know this was not you. They'll ever confirm its spammy/dodgy, or otherwise its possible you're a victim of identity fraud, in which case reporting it will be doing you a favour.
     
    Upvote 0
    E

    EDRIAT

    Free Member
    Oct 3, 2011
    101
    24
  • #3
    Subbynet said:
    I would forward this to the HMRC. The reason being if its spammy you can normally find other people complaining about the same e-mail, whereas I can't find any other references to this using Google.

    So, just to be on the safe side, I think you should contact HMRC to let them know this was not you. They'll ever confirm its spammy/dodgy, or otherwise its possible you're a victim of identity fraud, in which case reporting it will be doing you a favour.
    Click to expand...

    I've reported it to [email protected]. (Not surprisingly they wouldn't accept the attachment though! :))


    For anyone that's interested the Internet Headers (with my own email address removed) of the email were:

    Delivered-To: #####@########.###
    Received: by 10.204.3.199 with SMTP id 7csp64678bko;
    Thu, 16 May 2013 02:44:56 -0700 (PDT)
    X-Received: by 10.50.60.103 with SMTP id g7mr8622659igr.110.1368697495301;
    Thu, 16 May 2013 02:44:55 -0700 (PDT)
    Return-Path: <[email protected]>
    Received: from ip-64-16-45-234.biz.sta.mtntel.net ([64.16.45.234])
    by mx.google.com with ESMTP id ce6si7434272icc.24.2013.05.16.02.44.50
    for <#####@########.###>;
    Thu, 16 May 2013 02:44:55 -0700 (PDT)
    Received-SPF: pass (google.com: domain of [email protected] designates 64.16.45.234 as permitted sender) client-ip=64.16.45.234;
    Authentication-Results: mx.google.com;
    spf=pass (google.com: domain of [email protected] designates 64.16.45.234 as permitted sender) [email protected];
    dmarc=fail (p=NONE dis=none) d=hmrc.gov.uk
    Received: from (192.168.1.151) by acm.org (64.16.45.234) with Microsoft SMTP Server id 8.0.685.24; Thu, 16 May 2013 02:44:50 -0700
    Message-ID: <[email protected]>
    Date: Thu, 16 May 2013 02:44:50 -0700
    From: "[email protected]" <[email protected]>
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.9) Gecko/20100921 Thunderbird/3.1.4
    MIME-Version: 1.0
    To: <#####@########.###>
    Subject: Successful Receipt of Online Submission for Reference 508738366
    Content-Type: multipart/alternative;
    boundary="------------05050700604040209090507"
    Click to expand...
    I'm guessing either www.acm.org are not quite what they seem, or their mailservers are open for mail relay?
     
    • Like
    Reactions: Subbynet
    Upvote 0
    S

    Subbynet

    Free Member
    Aug 1, 2005
    6,000
    1,101
    45
    Luton
  • #4
    ooooh! those headers don't look right to me ever.

    Three letter domains are normally quite expensive, so I'm assuming, along with that 192.168.1.15 IP address that they might have a botnet infiltrated their systems!

    Given the response of their website, which is very slow, I think this might be the case.
     
    • Like
    Reactions: EDRIAT
    Upvote 0
    Log in to reply

    Latest Articles

    Top Bottom
    Community
    Articles
    Menu