A detailed end of the year Revenue refund scam hitting Irish mailboxes

Once again ESET Ireland is warning Irish users to avoid falling for the latest Revenue “tax refund” scam.

As usual, the scam arrives in the form of a phishing email, pretending to be from Revenue, saying:
“Due to a technical issue, we are unable to process your tax refund
and the procedure is currently on hold.In order to resume the process
please follow the instructions detailed on our dedicated site 24/7
to get your tax refund now.”


Clicking the link takes the victim to a well-made and credible looking faked Irish Tax and Customs page that is even using the “https” in its web address, to appear secure and credible.


The additional bit in the web address should be an alert that something is wrong, but few people actually read the web addresses of the sites they visit. The page then asks for the victim’s name on their credit/debit card and the funds available on it:


If this is entered, then the next page asks for the rest of the card details, which enables the cybercriminals to abuse it directly or allows them to engineer further scams, aiming to completely empty the victim’s account.

At the end, the page displays what appears to be “refund details” for €469,24, also abusing the name of Allied Irish Banks.


As can be seen from our previous reports on Revenue scams, that have been going on for years now, the cybercriminals are fine tuning and optimising their scamming techniques, to appear more credible and trustworthy, making it harder for their victims to detect the scam in time and avoid it.

ESET Ireland recommends deleting the phishing email and marking it as spam, not clicking on any links or entering any sensitive data into such pages and warning your friends about it.

written by Ciaran McHale and Urban Schrott, ESET Ireland


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s