Web security company M86 Security Labs, which is now part of TrustWave SpiderLabs, is inadvertently helping fraudsters to carry out phishing attacks against HM Revenue & Customs.

The spoof emails involved in the ongoing attack look practically the same as many previous HMRC phishing emails — and that’s because the content within the email body is being served directly from the M86 Security Labs website. The emails simply display a PNG screenshot of an email that was featured in a 2010 blog post by M86 Security Labs, which warned potential victims about an HMRC phishing attack.

As you know, at MetaCert we are concerned more about what consumers do on mobile. It’s easier to fall victim to spoofed websites when using a mobile app. The screen is smaller, the URL is normally hidden and people seem to trust any type of content inside an app that they trust.

You can read the full article on netcraft.com