Spam Trends of the Week: Apple Subscriptions, HMRC Phishing and Extortion Campaigns Seek Your Personal Data and Money

Bitdefender Mobile Security Buy

Phishing attacks delivered via spam campaigns are enriching cybercriminals who send out fake messages to dupe unwary recipients into handing over credit card data, login credentials and other sensitive information.

Here’s Bitdefender’s Antispam Lab pick of the top spam trends that threaten your wallet this week:

Phishing for credit card data via bogus tax return notifications in the UK

Despite an impressive 97% drop in scam calls reported to the HM Revenue and Customs over the last 12 months, phishing emails impersonating the agency are still popular among cybercriminals. The latest campaigns spotted by Bitdefender Antispam Lab researchers appear to use classic phishing techniques to dupe customers into handing over their credit card numbers and personal info ahead of the 2020/21 tax return submission deadline of Jan. 31.

In one variation of the scam emails, the fraudsters lure recipients with a tax refund of over 5,000 pounds, mentioning that payment will be delivered via credit card. Users need to access a link and fill out the necessary information.

Email headers including ‘From’ and ‘Subject’ lines vary:

Subject lines:

  • Important Notification
  • Income Payment Return
  • Payment confirmation return
  • PAYMENT CONFIRMATION RETURN – Message ID: [ NGKXOFTQXS – 3502004100 ] –the Message ID varies
  • Re: Income Tax Return – Reference ID: 2976756425 – 2976756425  – the Reference ID varies


  • HM Revenue & Customs
  • HMRC Customer Care and HMRC Services
  • HMRC Digital, HMRC Online
  • HMRC Office, HMRC Payments

Unsolicited emails that ask you to fill out sensitive data such as credit card information, PINs, Social Security numbers should immediately raise your suspicion. It’s OK to reject any requests that push you into making a rushed decision. Always check the sender’s email address and website links for typos, and forward the fraudulent message to the official organization or financial institution.

Your friendly neighborhood (s)extortionists

Extortion scams have been on the radar of our researchers for a while now. On Jan. 11, our Antispam Lab analysts caught an interesting backscatter campaign focused on delivering extortion messages in Eastern Europe. This week, however, Bitcoin extortion campaigns reached over 1 million inboxes worldwide, a trend most likely associated with the volatile nature of the cryptocurrency market and Bitcoin’s sharp decline this week.

The body and text of the email resemble previously reported sextortion campaigns in which recipients are threatened with the exposure of sensitive material unless they pay the “hacker” a large amount of money in BTC. This type of hoax is successful partly because the threat actors mention one of the user’s passwords, making the scenario seem highly plausible, especially in the current threat landscape.

The extortionist ends his letter with a list of what users shouldn’t do, and even provides additional assurances that he will play fair and delete any “kinky” videos as soon as payment is received. Last but not least, the scammer gives his victim a word of advice to “recurrently change all your passwords from all accounts.”

Extortion emails routinely suggest that your device, webcam and online accounts have been breached or hacked, and that your data and, more often than not, lewd photos and videos were snatched. We advise recipients to never follow through with the demands. Data breaches and leaks provide enough fuel for scammers to continue delivering bogus emails and gaslighting their victims out of thousands of dollars.

Do you want to know what the Internet knows about you and regain control of your privacy? Use Bitdefender’s Digital Identity Protection to find out the extent of personal data exposure in breaches and data leaks. You can stay on top of privacy threats and receive real-time alerts of data breaches to prevent account takeover attacks and potential financial damages.

Reverse vishing for bogus Apple subscriptions

Online scammers are also sending out fake Apple invoice notifications confirming the purchase of Premium Subscription Packages of $299.99. Unlike traditional vishing scams that rely on fraudsters cold calling their victims, the end goal of this campaign is to persuade targets to call a support number. Although the emails pose no immediate threat, the bogus receipt can make the recipient curious enough to dial the listed customer care number.

This particular campaign is a clear example of how scammers expand and improve their techniques to defraud consumers. If you receive this type of email, don’t panic – your account was not charged. Head to your online account and check for any notifications or review your purchase history. When in doubt, contact the service or provider via official channels and immediately report fraudulent activity.

Stay Safe!