Fraud / phishing scam uses "close enough" UK Revenue domain
In recent weeks, we've seen a significant number of spam-scams from a domain that is remarkably similar to an official UK government domain, showing that registrars and hosts are failing to identify obviously fraudulent customers. The fraudulent domain name is close enough to the real thing to fool many targets.
The UK government's information service is called GSI and it distributes e-mail for, amongst others, HM Revenue and Customs (HRMC). Therefore it uses a domain name that is made up of those elements: hmrc.gsi.gov.uk.
Fraudsters have registered the domain hmrcsgsgov.com.
They are issuing spam-scams with HMRC GSI GOV in the subject line and including the name of one of the staff at GSI, Angela Fisher (yes, the irony is not lost on us) for a phishing scam.
The domain was registered by DOMAINS4BITCOINS.COM at PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
The mail server is at WorldStream C.V, Netherlands (126.96.36.199)
The domain is registered to serviced / virtual office premises at 34 South Molton Street, London W1.
Creation Date: 19-jan-2017
The legitimate domain (hmrc.gsi.gov.uk) has been used as a fake e-mail address for a number of years (since at least 2009 and possibly earlier).