“Romanian tax return phishing” published in the Avira Techblog
From: Ministerul Finantelor Publice
Date: 25.11.2010 07:54:34
Subject: Ministertul Finantelor Publice – Taxe si ImpoziteDupa ultimele calcule ale activitatii dumneavoastra anuale am stabilit ca va sunt eligibile pentru primirea
unei rambursari a impozitului in conformitate cu sectiunea 501 (c).
Valoarea impozitului returnat este de 473,27 RON.
Va rugam sa ne trimiteti cererea de rambursare a impozitului si sa asteptati 6-9 zile pentru verificarea datelor introduse.
Pentru a accesa formularul de plata va rugam sa va completati datele aici :
http://www.mfinante.ro/acasa.html?method=rambursare&pagina=52155
Aceasta notificare a fost trimisa de catre Ministerul Finantelor Publice , Biroul de plati pentru persoane fizice.MINISTERUL FINANTELOR PUBLICE
Serviciul de Comunicare si Relatii Publice
sef serviciu : Cristian Marin
The domain was registered in the same morning, at 4 AM.
|
My company offers consulting on how to prepare for TISAX, ISO27001, NIS2, CSMS and SOC2 audits. |
|
||
| Get in touch with us here: https://www.endpoint-cybersecurity.com/contact/ |
Creation date: 25 Nov 2010 04:33:00
Expiration date: 24 Nov 2011 23:33:00
Now it is closed after I wrote to the ISP.
© Copyright 2010 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca - Security & Technology
Want to work with me on this topic?
Check Endpoint Cybersecurity to see the consulting services we offer.
Another domain which was used was: fincminister.com
The funny thing is that the domain wasn registered for only one day.
http://whois.domaintools.com/fincminister.com
You see in the Site Profile :
Website Title: Inregistrare pentru serviciul ” MasterCard MasterCard® SecureCode? ”
So, this looks like a multiphishing to me 🙂