This warning comes from threat analysis company Sophos, and is dated November 30, 2005. The advisory is posted here: http://www.sophos.com/pressoffice/news/articles/2005/11/irsphish.html
This is the gist of the warning.
<BLOCKQUOTE><font size="1" face="Verdana, Arial, Helvetica">quote:</font><HR><SMALL>
<h3>Phishers send email posing as IRS tax refund</h3>
<h4>Link to legitimate government website bounces you into the hands of phishers</h4>
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned internet users of a phishing email which aims to steal from American taxpayers by posing as notification of a refund from the Internal Revenue Service (IRS). The phishers are taking advantage of a security configuration error on the real US Government website which is allowing phishers to redirect visitors to a bogus website.
The email invites taxpayers to visit a website to collect their refund.
In an attempt to look more legitimate, the email tells users to cut-and-paste the link into their web browser rather than click directly on it. Although the link does use the genuine domain name of a real government website (www.govbenefits.gov), a mistake in the way the website has been set up bounces surfers to a bogus site run by the phishers.
The bogus benefits website asks for information from taxpayers.
"This phish tells you that the IRS owes you several hundred dollars, and offers you a web link from which you can allegedly claim your tax refund," said Graham Cluley, senior technology consultant at Sophos. "But the link in the email simply bounces you off a US Government website onto a site owned by the criminals, who are ready and waiting to steal your credit card details, Social Security Number and other personal information."
</SMALL><HR></BLOCKQUOTE>
<hr>
I urge all SGF members to exercise common sense and view all unsolicited emails of this nature with extraordinary suspicion. I hope that the US Government agency involved patches its web server, real fast.
A similar technique was used by eBay phishers a month or so ago, to redirect respondents away from eBay to a phony login site, but that code vulnerability was quickly patched when eBay was made aware of it.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
<small>Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services</small>
Warning: IRS Phishing Scam is in the Wild
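One way a mail filter could flag the pattern the advisory describes, a link on a trusted domain that carries an off-site destination in its query string. This is an added example, not code from Sophos or from the original post; the host names, parameter names and sample links are constructed, since the advisory does not give the real link's format.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hosts the recipient would recognise as genuine (constructed name).
TRUSTED_HOSTS = {"www.trusted.example"}

def _url_host(value):
    """Return the host if value is an absolute or scheme-relative http(s) URL."""
    v = value.strip().replace("\\", "/")   # browsers treat "\" like "/"
    if v.startswith("//"):                 # scheme-relative: //host/path
        v = "http:" + v
    try:
        parts = urlsplit(v)
    except ValueError:                     # malformed input, e.g. a bad IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def offsite_redirect_targets(link, trusted=TRUSTED_HOSTS):
    """List (parameter, host) pairs where a trusted-host link points off-site."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    if host not in trusted:
        return []                          # only links that borrow a trusted name
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; try a second decode for double-encoded values.
        for candidate in (value, unquote(value)):
            target = _url_host(candidate)
            if target and target != host and target not in trusted:
                hits.append((name, target))
                break
    return hits

# Constructed sample links, as they might appear in a message body.
SAMPLES = [
    "http://www.trusted.example/go?url=http%3A%2F%2Fphish.example%2Firs%2Frefund",
    "http://www.trusted.example/go?next=%2F%2Fphish.example%2Flogin",
    "http://www.trusted.example/go?url=http%253A%252F%252Fphish.example",
    "http://www.trusted.example/go?next=http%3A%2F%2Fwww.trusted.example%2Fhome",
    "http://www.trusted.example/search?q=tax+refund",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(offsite_redirect_targets(link) or "ok", link)
```

A hit means only that the link names another site in a parameter; whether the trusted site actually forwards visitors there depends on how that site is configured.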