Tax Phishing Campaign Reminds of DMARC Limitations
Security News, April 2020
April is a time for tax-related phishing scams, and we haven't been let down this year despite the dominance of COVID-19-themed phishing campaigns.
Security firm Abnormal Security discovered a phishing email that gives the recipient a single day to respond and claim an outstanding tax rebate of '550.11 GBP' from HMRC. The email contains an obfuscated link to a web page masquerading as a Gov.uk page.
What is particularly interesting about this phishing attempt is that HMRC is fully DMARC protected, that is, DMARC is implemented at the strongest enforcement level, and yet that did not stop this email.
The reason is that DMARC blocks only phishing emails that spoof the genuine domain in the sender address; an email sent from a different, attacker-controlled domain is outside its scope.
Such direct spoofs comprise approximately two-thirds of all phishing attempts, leaving one-third unblocked by DMARC. After implementing DMARC, HMRC Digital blogged in November 2016, "We have already managed to reduce phishing emails by 300 million this year through spearheading the use of DMARC. It allows us and email service providers to identify fraudulent emails purporting to be from genuine HMRC domains and prevent their delivery to customers." DMARC works where it is designed to work.
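As an added illustration (not code from the article or from HMRC), the simplified DMARC evaluation below shows why a reject policy on the genuine domain stops messages that spoof it but does nothing against a look-alike domain the attacker controls, or against a free-mail domain with no policy at all. The domains, policy records and messages are constructed for the example; a real check would query the _dmarc DNS record and use the public suffix list.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for _dmarc TXT records (a real evaluator queries DNS).
DMARC_POLICIES = {
    "hmrc.example": {"p": "reject", "adkim": "r", "aspf": "r"},        # protected
    "hmrc-rebate.example": {"p": "none", "adkim": "r", "aspf": "r"},  # attacker look-alike
}

@dataclass
class Message:
    from_domain: str            # RFC5322.From domain, what the recipient sees
    spf_domain: Optional[str]   # MAIL FROM domain if SPF passed, else None
    dkim_domain: Optional[str]  # d= of a verified DKIM signature, else None

def org_domain(domain: str) -> str:
    # Simplified organisational domain: last two labels (no public suffix list).
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    # Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    # needs the same organisational domain.
    if auth_domain is None:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_result(msg: Message) -> str:
    """'pass', 'reject', 'quarantine', or 'none' (no record / p=none: delivered)."""
    policy = (DMARC_POLICIES.get(msg.from_domain.lower())
              or DMARC_POLICIES.get(org_domain(msg.from_domain)))
    if policy is None:
        return "none"
    if (aligned(msg.spf_domain, msg.from_domain, policy["aspf"])
            or aligned(msg.dkim_domain, msg.from_domain, policy["adkim"])):
        return "pass"
    return policy["p"]

# Constructed messages covering the cases the article contrasts.
GENUINE = Message("hmrc.example", "hmrc.example", "hmrc.example")
SPOOF = Message("hmrc.example", "bulkmailer.example", "bulkmailer.example")
LOOKALIKE = Message("hmrc-rebate.example", "hmrc-rebate.example", None)
FREEMAIL = Message("freemail.example", "freemail.example", None)  # display-name trick

if __name__ == "__main__":
    for name, m in [("genuine", GENUINE), ("spoof", SPOOF),
                    ("lookalike", LOOKALIKE), ("freemail", FREEMAIL)]:
        print(f"{name:10s} From={m.from_domain:22s} -> {dmarc_result(m)}")
```

Only the direct spoof is rejected; the look-alike and free-mail messages are delivered with DMARC satisfied, which is why sender-domain reputation and look-alike detection still matter on the receiving side.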