Security vendor's blog post pinched to make HMRC phish look legit

TrustWave fights off attack of the poison .PNG from the past

Netcraft has found that security firm TrustWave inadvertently gave phishers a helping hand.

The situation starts with a December 2010 blog post by Gavin Neale of M86 Security Labs, a company since acquired by TrustWave.

Until Wednesday, that post included an image of a faked email purporting to come from UK taxation agency HM Revenue and Customs (HMRC). The Portable Network Graphics (PNG) file was there to teach readers how to spot phishing mails.

Ironically, Netcraft says phishers embedded that very image in their own poisoned messages by referencing its URL on the security firm's server, so that the mails loaded a convincing HMRC picture from a reputable domain and looked legitimate.

TrustWave appears to have removed the image on the day Netcraft reported the problem, which breaks any phishing mail still pointing at it. In a double irony, Netcraft has preserved a copy on its own site, which we suppose means phishers could simply run the scam again by including that URL in their messages.
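The trick described above is a plain hotlink: the mail's HTML pulls an image from a server the phisher does not control but the recipient's mail client trusts. As an added example (this is not code from the article, from Netcraft or from TrustWave), the following Python script parses an HTML e-mail, collects every remote `<img src>`, and flags the ones whose host is not under the sender's domain; a genuine HMRC mail has no business fetching pictures from a security vendor's blog. The sample message, hostnames and image path are constructed placeholders, not the real URL the phishers used.

```python
"""Flag remote images in an e-mail that are hosted off the sender's domain.

Added example, not part of the original article or of Netcraft's or
TrustWave's tooling. The sample message below is constructed; the
hostnames and URL path are made-up placeholders, not the real image URL.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phish: claims to be from HMRC but pulls its picture from a
# third party's web server (placeholder hostname, not the real one).
SAMPLE_MESSAGE = b"""\
From: HM Revenue & Customs <noreply@hmrc.gov.uk>
To: victim@example.com
Subject: Tax refund notification
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://labs.security-vendor.example/images/hmrc-sample.png" alt="HMRC">
<img src="https://www.hmrc.gov.uk/logo.png">
<p>Click <a href="http://refund.example.net/claim">here</a> to claim.</p>
<img src="cid:inline-logo">
</body></html>
"""


class ImgSrcCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in an HTML part."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.sources.append(value)


def sender_domain(msg):
    """Return the domain of the first From address, lowercased."""
    return msg["from"].addresses[0].domain.lower()


def same_org(host, domain):
    """True if host is the sender domain itself or a subdomain of it."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def offsite_images(raw):
    """Return remote image URLs whose host is not under the sender's domain.

    cid:, data: and relative references are inline or local, not fetched
    from a third-party server, so they are skipped.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = sender_domain(msg)
    flagged = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgSrcCollector()
        collector.feed(part.get_content())
        for src in collector.sources:
            url = urlparse(src)
            if url.scheme not in ("http", "https") or not url.hostname:
                continue  # not a remote fetch
            if not same_org(url.hostname, domain):
                flagged.append(src)
    return flagged


if __name__ == "__main__":
    for url in offsite_images(SAMPLE_MESSAGE):
        print("off-site image:", url)
```

On the constructed message the script flags only the vendor-hosted PNG; the `www.hmrc.gov.uk` logo is under the claimed sender's domain and the `cid:` reference is inline. The From header is of course spoofable, so this is a triage heuristic rather than proof of phishing; the server-side counterpart is what TrustWave did, which is to remove or rename the hotlinked asset so the mails already in circulation stop rendering it.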

Netcraft reckons it nabbed 1,150 attempts to phish HMRC in February alone, so it must also feel it has the muscle to stop phishers abusing the image it now hosts. ®

