VAT Return and Payment Overdue Scam Email

Why User Vigilance Is Important

Today we received a gentle reminder that no matter how hard we work to keep out cyber-threats, there is always a weak link to target in any business system. The users. This exploit concerns a VAT Return and Payment Overdue scam email which was received in the office today. The instant reaction was to jump to the conclusion that we had to do something quickly, to avoid a penalty. Which is just what the reprobate behind the email was hoping.

What To Look For

This is a warning about a VAT Return and Payment Overdue scam email, which may catch out the unwary. If you are a business owner or have responsibility for finance matters please watch out for this innocent looking communication.

VAT Return and Payment Overdue Scam Email image
VAT Return and Payment Overdue Email Scam

How To Tell It Is A Scam Email

VAT Return and Payment Overdue Scam WhoIs Result Image
WhoIs Result

If you hover the mouse over the sender, most good email systems will tell you the address you will be replying to. In this case you will not be surprised to learn that it is not from HM Revenue and Customs  (HMRC) at all! It comes from a suspicious email address which is registered to someone called Denis. Denis apparently lives in Moscow, and is using the unlikely email address of

When The Penny Drops

After a few laps of the office, looking for a quick solution, or a way to pass responsibility over to someone else, the recipient had the good sense to check up via the HMRC website. The information there on the site , which is linked below, made him think twice. He reported the matter to Information Security, fortunately, before clicking on and opening the email attachment.

Cost of the VAT Return and Payment Overdue Scam

In our case, the cost of this particular email scam was trivial. It mostly involved additional wear and tear on the carpet and some lost productivity. According to an anonymous source in finance, there was also some lost paint from the ceiling. It could have been much more costly, if the user had opened the attachment and did not have up to date anti virus.

While HMRC may send you an email if you are overdue with VAT payments, they will use the normal contact email address, and will recommend that customers pay online to avoid further action. These emails will never ask you to provide personal or financial information. You won’t be able to reply to the emails, which will be sent from

In Conclusion

This VAT Return and Payment Overdue scam email has been timed to catch the unwary by being the right date, but a month early. Let people know that they should ignore the call to act immediately, and instead report the matter to IT security. Even if there is no malicious payload in the attachment, scam emails like this can disrupt the flow of energy in a business and ultimately cost money.

The Upside

On the upside, this scam is an early reminder that our VAT return has to completed at the end of this month, so I might go and give the finance team a gentle reminder!

Further Information

For authoritative information about when your VAT return is due, see

To report instances of this email scam, forward the suspicious emails to HMRC phishing team at:

Sir Patrick Moore Dies Aged 89

Sir Patrick Moore, an inspiration to generations of astronomers has died aged 89. The Astronomer and Sky at Night TV presenter died died peacefully at 12.25pm on 09 December at his home in Selsey, West Sussex.

Sir Patrick Moore

Sir Patrick Moore was born on 4 March 1923, and presented the world’s longest-running television series with the same original presenter, having presented the show since 1957, which is acknowledged as a Guinness World Record.
His rapid diction and monocle made him a popular and instantly recognisable figure on British television.

Sir Patrick Moore was a former president of the British Astronomical Association, co-founder and former president of the Society for Popular Astronomy (SPA), author of over 70 books on astronomy. As an amateur astronomer, he became known as a specialist on observing the Moon and creating the Caldwell catalogue.

His work has been an inspiration to generations of scientists and engineers, and particularly his willingness to admit that Astronomers (and by implication scientists and engineers) are not infallible. They make mistakes, but unlike politicians are honest enough to admit them.

Sir Patrick Moore Links and Credits

Ada Lovelace Day

Did you know that October 16th is Ada Lovelace Day? Ada Lovelace Day is an international day of blogging to draw attention to women excelling in technology.

Ada Byron, Lady Lovelace, was one of the most picturesque characters in computer history. A brilliant mathematician, analyst and metaphysician, she is widely regarded as the founder of scientific computing:

  • Ada was born 10 December 1815, the only legitimate child of the poet Lord Byron
  • She was strongly interested in scientific developments including phrenology and mesmerism.
  • Ada Lovelace died on 27 November 1852 at the age of thirty-six

When she was just 17, Ada met Charles Babbage, at a dinner party and learned for the first time of Babbage’s ideas for the invention of a new calculating engine. Ada suggested to Babbage that she should write a plan for how his new Analytical Engine might calculate Bernoulli numbers. The plan she wrote thereafter, is now regarded as the first “computer program.”

All that people need to do to take part in Ada Lovelace Day is to talk about the accomplishments of a woman in science, technology, engineering or maths, whether in a blog post, Facebook update, video, podcast or other medium. Supporters can add their URL to the FindingAda database to make it more easily findable.

So lets tell the world about unsung heroines in science or technology. Whatever she does, whether she is a project manager, sys-admin or a tech entrepreneur, a programmer or a designer, developing software or hardware, a tech journalist or a tech consultant, let us celebrate her achievements.

Ada Lovelace Day – Celebrating the achievements of women in science, technology, engineering and maths.

FindingAda database

Government ICT Strategy Six-Month Review

With the run up to Christmas you could be forgiven for missing the release of the NAO report Implementing the Government ICT Strategy: six-month review of progress.

The report writers, which included Mike Manisty, the first person to undertake a solar-powered voyage upstream from Westminster to the navigable source of the Thames, have some significant concerns. These include Planning, Capability and Evaluation, which need to be addressed in the short term if they are not to become significant barriers to progress.

In March 2011, the Cabinet Office published the Government ICT Strategy which acknowledged that Information and communication technology (ICT) is critical for government to operate effectively and should improve how citizens and businesses communicate with government. They accepted that government ICT projects have tended to be too big, lengthy, risky and complex, and that there have been numerous high profile failures.

The strategy has three categories for action and delivery

  • Reducing waste and project failure by improving procurement processes, making systems more flexible and increasing the skills of ICT professionals.
  • Creating a common ICT infrastructure, including communication networks, business applications, data centers, desktops and mobile devices.
  • Using ICT to enable and deliver change. The Government has a digital strategy to move public services online (‘digital by default’).

Outline Conclusions
The outline conclusions of the NAO report are as follows:
At the end of the first six months, new arrangements are in place to implement the Strategy. The leadership, governance and compliance mechanisms for delivery are different from those of the past and have the potential to deliver benefits. Government has adopted a pragmatic and collaborative approach and has largely met the first round of the Strategy deadlines. Thirty actions from the Strategy have been rationalized into 19 delivery areas with a more consistent plan about how the new approaches, new standards and common ICT infrastructure will be taken forward.

Against this positive backdrop the NAO have some significant concerns:

  • Planning – the Strategic Implementation Plan is lacking a resource plan and a map for how and when departments move to the Strategy solutions.
  • Capability – establishing a baseline requirement for ICT professional resources across central government has not been carried out, and key immediate skills gaps have not been filled.
  • Evaluation – there are no clear criteria for measuring business outcomes.

These concerns can be dealt with but need to be addressed in the short term if they are not to become significant barriers to progress.

Our particular area of interest, Agile development, gets an honorable mention under reducing waste and project failure, Area 4, (Action 9) – Agile delivery methods using user feedback to deliver systems in small pieces and keeping ICT in line with emerging business requirements. Sadly agile thinking is not something government procurement specialists are renown so there is little evidence of a change there. Perhaps we can look forward to some improvements when the next report is released.

Links to Implementing the Government ICT Strategy: six-month review of progress

Another Probation IT Fiasco

Another Probation IT Fiasco has left the Probation Officers using paper, according to an article on the Times website.

In an article titled Probation IT fiasco leaves service using paper, The Times states that “Probation officers are writing court reports by hand after managers were forced to ration access to computers that are unable to cope.”

This refers to a comment by Harry Fletcher of NAPO, about the state of the Probation computers in London after a major upgrade. Just in case you think that this is the first time that Harry Fletcher has criticized the rollout of Probation IT systems, or that he is a lone voice, check back on some of our earlier postings on the subject of government IT projects!

In a state of Titanic Obliviousness, (see below for attribution and definition) the juggernaut of centralized probation information technology steams serenely and blindly towards the iceberg of destiny. The only other comment necessary on this episode is that memorable quote from Albert Einstein, who said “the definition of insanity is repeating the same actions over and over, and expecting a different outcome”.

Earlier Articles


We Can All Tackle Violence At Work

Just read a great post called Tackle Violence At Work, which outlines legislation relating to violence and bullying at work, and serves as a reminder that violence takes many disguises, including non-physical bullying.

According to Bully Online, the motive common to all bullies is a personal need to control others. Half of all bullies are women. Women bullies target women 84% of the time; men target women 69% of the time, making women the majority of targets in the workplace. The vast majority of bullies (81%) are managers and bosses. The common personality traits of targeted employees are individuals with a:

  1. desire to cooperate
  2. non-confrontational interpersonal style

To ensure that we can all identify the symptoms, and understand the need to deal effectively with bullying in the workplace the Tackle Violence At Work article includes:

  • five main pieces of health and safety legislation which are relevant to violence at work
  • five things to consider before any incident of violence occurs
  • five links to useful resources, including victims support organizations

Every individual reacts differently to bullying behavior, depending on their personality and life experiences. Most victims of workplace bullying will experience at least some of the following effects:

  • Stress, anxiety, sleep disturbance
  • Ill health, headaches, heart palpitations, or fatigue
  • Panic attacks or impaired ability to make decisions
  • Incapacity to work, concentration problems, loss of self-confidence and reduced performance at work
  • Depression or sense of isolation
  • Deteriorating relationships with family, friends or co-workers

Violence at work can take many forms, and the bullying can be quite subtle and covert. In some cases the perpetrator may be a manager who does not even understand that their behavior really is bullying. What passes for management style, may just be another way of glossing over bulling behavior, which is just another form of violence at work. Do you know anyone who is:

  • Obsessed with the past
  • Has low expectations of everybody
  • Constantly interfering, dictating and controlling

These are often symptoms of someone with a low self esteem, one of the characteristic of most bullies. Do you know anyone who behaves like this? They may not even know that they exhibit these characteristics, or be aware that these are subtle symptoms of a bullying manager. You may recognize these traits in your manager, or someone close to you. You may even know them intimately! How about:

  • Favors weaker employees, recruits henchmen and toadying types
  • Inconsistent, always critical, singles people out, shows favoritism
  • Withholds information, releases selectively, uses information as a weapon
  • Includes and excludes people selectively
  • Exhibits hypocrisy and duplicity

Obviously we would never apply these characteristics to ourselves! But are there any behaviors we display which other people might incorrectly attribute to us? Once again these are classic signs of a workplace bully, which may masquerade as a distinct management style.

Finally, as managers, how about some out and out management behaviors which unquestionably separate a bully from a good manager:

  • Recruiting only like minded individuals (back to henchmen and toadying types, and identifying with clones)
  • Abdicating responsibility in the guise of delegation
  • Being economical with the truth, using dissembling, distortion and fabrication to avoid telling the truth, such as bad news

Recognize anyone there?

Bullying at work cost UK industries a great deal, although the specific amounts vary depending on the source. On thing is clear, bullying is a form of violence, and must not be tolerated at work. If we learn to identify the signs in others and ourselves, we can all tackle violence at work, and make the workplace safer more productive environment.

Additional resources to help with bullying and violence at work:

Keylogger virus infects drone plane command centre

The hot news on the blogosphere at the moment is the revelation that a Keylogger virus has infected the drone plane command centre at Creech air force base in Nevada.

Keylogging (or Keystroke logging) is the action of tracking (or logging) the keys struck on the keyboard, typically in a covert manner so that the person using the keyboard is unaware. The Keylogger virus is used to capture users’ passwords, credit card details and bank account numbers as people type them in. The data is then sent over the web to fraudsters. Security officials are currently unable to completely remove the virus, as it keeps reinstalling itself, suggesting that the attack vector has not been plugged.

Creech air force base in Nevada is the command centre for the remotely piloted aircraft used in Afghanistan including the Predator drone spyplane-bomber. The Predator is a medium-altitude, long-endurance unmanned aircraft system which is used in Afghanistan and, more controversially, across the border in Pakistan.

This is the latest security breach for the hi-tech remotely piloted vehicle system; the US military has previously found out that Iraqi insurgents were able to capture and record the footage being sent to troops and back to the airbase by cameras on the drones. The insurgents hacked into video feeds, which were not encrypted, using a $26 piece of Russian software named SkyGrabber. Apparently The encryption for the feeds were removed for performance reasons.

ACH Spam With Malware Attachment

The spam filters have been busy over the last couple of days, with a number of Emails with the title of ACH NOTIFICATION and ACH Payment [Number] Rejected. In each case the email contains an attachment purporting to be a self extracting PDF file.

Of course, on closer examination the supposed self extracting PDF file is a malware down-loader, no doubt ready and waiting to connect you to one or more bot nets. This is a common scenario with a spammed-out trojan down-loader triggering the execution of multiple pieces of malware on the unwitting user’s computer. In this case, Sophos anti virus detects the file and identifies it as Mal/BredoZp-B. For a detailed analysis of the activities of the spam payload, see the article on the ACH spam campaign by M86 security labs via the link below.

Automated Clearing House (ACH) is an electronic network for financial transactions in the United States. As usual with this type of spam and associated malware, ACH have no connection with the email, so there is little point in blocking the sender’s address, in our case ach.01 at

Once again our advice is that you should not open any unexpected emails, or unsolicited attachments, as in this case it will attempt to infect your Windows computer. Just press delete and double check that your anti-virus software is up to date.

Resources relating to ACH Spam With Malware Attachment:

Uniform Traffic Ticket Malware Spam

If you live anywhere except the City of New York you may have been surprised to receive an email recently, which claims to come from the New York State Department of Motor Vehicles. Even if you aren’t based in the United States, or even don’t drive a car, you may well see the posting which poses as a “Uniform Traffic Ticket” and says that you are charged with speeding at 7:25 AM on the 5th July 2011.

People may be tempted to open the attachment out of curiosity, or even alarm if they have been driving in New York City, but do not, or you may end up with a computer infected with malware.

However, the message is certainly not from New York State Police and the attachment does not contain a speeding ticket. In fact, the attachment contains a trojan that, if opened, can install itself on the user’s computer. Typically, such trojans are able to contact a remote server and download further malware that can steal information from the infected computer and allow criminals to control it from afar.

The email sender address has been reported as automailer.nnn, no-reply.nnn and info.nnn, all purportedly at It goes without saying that the New York State Police and the New York State Department of Motor Vehicles have nothing to do with this email, and this should be treated as all Viruses and Spyware. The New York State Police Computer Crime Unit has issued a Hoax E-mail Alert dealing with the Uniform Traffic Ticket Malware Spam.

The attached file, which is called something like,, or just, is designed to download further malicious code onto your computer and compromise your security. Sophos anti-virus products detect the malware payload as Mal/ChepVil-A, while the CyberCrime & Doing Time Blog identifies that the malware connects to a Russian domain and downloads files called “/ftp/g.php” and “pusk3.exe”.

The Uniform Traffic Ticket Malware Spam email is probably the work of a Botnet, which is a group of computers infected with malicious software and controlled as a group without the owners’ knowledge. The network of private computers, sometimes known as zombies or robots, run autonomously and automatically to send out spam emails to encourage users to open virus or Trojan infected attachments. This means that it is pointless blocking the sender, as the sender address is forged, and unrelated to the actual computer used to send the email.

We recommend that you delete the e-mail it and not forward it to anyone else. Make sure that you have active anti-virus software, and have your firewall switched on. Of course you should only open e-mails from familiar and trusted sources; if you really have been speeding in New York City, the New York State Department of Motor Vehicles will certainly find a way to let you know!

For further information on this subject:

Are Automotive Autopilots The Future Of Personal Travel?

Just for a change, let us venture away from the technology of personal computing and productivity, and into the automotive area. On-board computers have been getting smarter, just like hand held technology, so automotive manufacturers have had plenty of scope for adding new features like smart cruse control, automatic breaking and auto-park. Now those features have been taken a stage further so it is possible to see automotive autopilots becoming the future of personal transport.

Since it became known that Google has been using using driver-less cars for some time, a few things have happened. Firstly people have divided into two camps, those vociferously against the idea on all sort of grounds, and those for whom this technology could be start of the brave new world. Secondly, legislators have started to take notice. The US state of Nevada has set in motion Assembly Bill 511, which requires the state’s Department of Motor Vehicles to write rules of the road for self-driving cars.

According to news announcements, Google’s fleet of six Toyota Priuses and an Audi TT drove more than 140,000 miles and almost all of them were on auto-pilot, though Google staff manned the cars but not the controls. The only incident occurred when a car driven by a person rear-ended one of Google’s cars. The trials were conducted with safety as paramount, and having informed local law enforcement, and each trip was preceded by a normally driven car recording the route to be traveled. Never the less this is a significant step forward in motor transport technology.

The knockers have had plenty of ground for resisting this particular advancement, including potential loss of jobs, issues of safety, challenge of unpredictable circumstance and personal resistance. One commentator puts it succinctly when he said (in the style of the American NRA) “You’ll have to pry my 5-speed manual transmission from my cold, dead hands.”! This attitude has been captured by marketing types, as one automotive manufacturer, Dodge, have even incorporated this resistance into their commercial for the new 2011 Charger, see below.

On the plus side, the expected advantages of this technology include potentially safer roads, less pollution, higher traffic density due to the elimination of human response times, and freeing up of personal time for the driver. It could even allow for platooning, which is a concept of grouping vehicles into platoons which decrease the distances between cars using electronic, and possibly mechanical coupling, as a method of increasing the capacity of roads. The idea is attractive to local government organizations responsible for roads as it does not require expensive road sensors to be be built into the carriageway, or special trackways like some earlier attempts at driver-less cars.

Whatever your point of view, this is a technology which has the potential to change the way we use the roads, and may make the future for personal transport completely different to everything which has gone before. Automotive Autopilots may be the future of personal travel.

For more on the subject of Google and their auto-piloted cars, see the following links:

If you want to see the 2011 Dodge Charger Commercial check out Dodge Rebels Against Robots in New 2011 Charger Commercial