Latest Irish Revenue scam: HTTPS doesn’t always mean you’re safe!


ESET Ireland warns of an Irish Revenue phishing scam, that is using compromised HTTPS secured websites for its dirty work.

Internet security experts from ESET Ireland are warning Irish computer users about an online scam, that uses a forged Irish Tax and Customs email, to redirect victims to compromised valid HTTPS secured websites hosting the phishing site. How does it work?

Revenue spam email

The basic form of the scam is not uncommon. The user receives an email that purports to come from Revenue and claims they’re “eligible to receive a refund of 265.48 GBP” (seems the scammers aren’t familiar with the currency in Ireland) and are instructed to “Complete Your Tax Refund Form” by clicking on the link and continuing to the website.

Clicking the link first goes to a compromised French Consultancy website then redirects to a Singapore one, registered to the Singapore International Arbitration Forum, yet in both cases HTTPS is displayed in the web address.

Valid HTTPS certificates for the fraudulent pages

Over the years we’ve been constantly told that HTTPS means the website is secure, but what many fail to realise is that HTTPS merely means that the communication with that site is encrypted. If cybercriminals manage to compromise a website with a valid HTTPS certificate, or even if they acquire a certificate themselves, the victims are given a false sense of security and end up giving up their sensitive data more easily.

First phishing page


Second phishing page

And this is exactly what this faked Revenue site does. It asks the victim for their PPS number, date of birth, password, full name, address, city, phone number, payment card number, code, expiry date, basically everything the cybercriminals need to attempt identity theft and card abuse. After filling in all the info, the site redirects back to the genuine Revenue website.

Don’t let the false HTTPS fool you! ESET Ireland recommends you treat all emails coming from any institution or organisation with care, particularly when they have attachments or links they want you to click. Also, be careful when filling out any online forms, making sure you’re not on a faked website.

by Ciaran McHale and Urban Schrott, ESET Ireland

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s