Revenue is writing to 3,000 people after identifying that their bank, credit card, and personal online details may have been compromised by scam-artists.
The potential victims were sent an SMS message claiming they were due a tax refund that led to a false myAccount online login page.
The scammers may then have harvested passwords potentially giving access to the taxpayer’s banking and personal data, including their credit card details.
Revenue had issued a warning about the phishing scam earlier this month advising all its 2.6 million account holders it never communicates news of tax refunds by SMS.
A computer sweep has now identified that the personal details of up to 3,000 people may have been compromised if they responded to the SMS text.
In a letter to the 3,000 potential victims, the Revenue warns that the personal myAccount service “may have been accessed by fraudsters, cyber-criminal or scam-artists”, using an SMS alert that led to a false myAccount login screen.
Providing password details, “the fraudsters will have captured your PPSN, Date of Birth and myAccount Password and possibly used them to log on to your Revenue myAccount, where they would gain access to your Banking Details (BIC, IBAN)”, the letter says.
“Did you have any follow-up queries or requests for information on your credit card details? If so, and you provided these details, the fraudsters, unfortunately, have your credit card details”, it says.
Revenue has advised the 3,000 myAccount holders that as a security measure it temporarily suspended their access which, however, can be restored through the Revenue site.
A Revenue spokeswoman said it has 2.6 million accounts on its online services and stressed that the Revenue’s own systems were not subject to any hack.
Revenue staff was among the people who had received the random SMS texts, a spokeswoman said.
She said it was similar to phishing operations targeted on bank account holders and didn’t appear to be linked to people who may have been financially stressed during the Covid-19 crisis.
“Revenue constantly monitors for suspect online activity on all its services and takes action as soon as such activity comes to light. For example, where potential phishing websites are detected, we immediately seek to have them taken offline by reputable hosting services,” said its chief information officer, John Barron.
“Following an investigation by Revenue’s IT Department into this latest scam, we are contacting approximately 3,000 taxpayers to make them aware of our concerns that their personal details may have been accessed, the possible serious implications for them and to set out some practical things they can do to minimise the extent of any fraud perpetrated against them,” he said.