Last month on our Russian blog we talked about how the Zbot Trojan was being spread via spam messages which looked as though they came from the US Federal Tax authorities.

One reader commented jokingly that we should keep tabs on tax deadlines in other countries in order to detect future mass mailings of Zbot.

And then we got an email from HM Revenue and Customs, the body responsible for taxes in the UK:

Of course the link led to a phishing site which looked very like the real HMRC site:

And of course, the exe file which pretends to be a tax statement is Zbot – looks as though this Trojan likes playing taxman!

But it's not just Zbot – phishers have jumped on the tax bandwagon as well. In the run-up to October 31st, the final deadline for submitting paper self-assessment tax forms in the UK, we've seen a number of copies of this email:

You can see how you might be tempted to respond to this message, as it's offering a tax refund rather than demanding money. But open the attachment, and you end up at a classic phishing site:

Thankfully, the site was quickly blacklisted

And the real HMRC includes information about phishing scams on its main page.