Wednesday, March 22, 2006

IRS and Websense Update Phishing Alerts

Any significant time of year, or newsworthy event attracts internet fraudsters bent on stealing your identity. Recently, the news has been filled with stories of phishing scams related to tax time. In traditional phishing scams, the unwary person is tricked (normally via an e-mail) into giving out personal information on a spoofed (fake) site. While the traditional phishing attempts are still out there, a more dangerous version of this scam exists that doesn't require the victim to give up their personal information. When the intended victim visits the site, crimeware (sometimes known as malicious software, or malware) is injected into their system.

Normally, the malware, or spyware injected into systems to steal personal information are Keyloggers. This malware (spyware) records key strokes on a system and transmits them back to the criminals, who normally are using it to commit identity theft.

Interestingly enough, a lot of this technology is legal and routinely sold over the internet.

Here are two updated warnings from Websense and the IRS, itself:

Websense Security Labs has discovered tax attacks targeting the U.S. in several countries outside of the U.S. hosted on compromised web servers. For example, one of the largest IRS phishing campaigns claims that the taxpayer is eligible for a refund and needs to log on to a website to verify their information. Users receive one of a variety of email messages with a link to a fraudulent website. Upon accessing the spoofed tax website, the user is then forwarded to a fraudulent site that requests credit card information and other personal identifiers. The intent of these attacks is to dupe users into revealing confidential information which can be used for withdrawing funds.

For the full press release by Websense:

Tax Attacks: Tech Thieves Target Online Tax Return Filers

Just a few days ago, the IRS itself updated their warning on this activity.

The following are examples of recent schemes reported on the IRS (updated) warning:

e-Mails claiming to come from, or other variations on the theme told the recipients that they were eligible to receive a tax refund for a given amount. It directed recipients to claim the refund by using a link contained in the e-mail which sent the recipient to a Web site. The site, a clone of the IRS Web site, displayed an interactive page similar to a genuine IRS one; however, it had been modified to ask for personal and financial information that the genuine IRS interactive page does not require.

The Treasury Inspector General for Tax Administration (TIGTA) has reported that it found 12 separate Web sites in 18 different countries hosting variations on this scheme.

A bogus IRS letter and Form W-8BEN (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding) asked non-residents to provide personal information such as account numbers, PINs, mother's maiden name and passport number. The legitimate IRS Form W-8BEN, which is used by financial institutions to establish appropriate tax withholding for foreign individuals, does not ask for any of this information.

To protect against potential identity thieves, take the following steps:

Be skeptical of communications you receive from sources you are not expecting. Verify the authenticity of phone calls, standard mail, faxes or e-mails of questionable origin before responding.

Do not reveal secret passwords, PINs or other security-based data to third parties; genuine organizations or institutions do not need your secret data for ordinary business transactions.

Do not click on links contained in possibly questionable e-mails; instead, go directly to the site already known to be genuine. For example, the only address for the IRS Web site is, any other variations on this will not lead to the legitimate IRS Web site.

Do not open attachments to e-mails of possibly questionable origin, since they may contain viruses that will infect your computer.

Shred paper documents containing private financial information before discarding.

To report the fraudulent misuse of the IRS name, logo, forms or other IRS property, you may contact the TIGTA toll-free hotline at 1-800-366-4484 or visit the TIGTA Web site.

Those who think their identity has been stolen should visit the Federal Trade Commission's Web site for information about how to handle the aftermath of identity theft.

Here are some previous posts on tax fraud:

Tax Season Brings Out the Low Tech Fraudsters

The Dirty Dozen Tax Scams


Anonymous said...

I've seen several of these e-mails in my inbox.

Anonymous said...

I have gotten them also. They do look real.

prying1 said...

Let's sing it,

"When will we ever learn? ... When will we e - e - ever lleeeeaarrrnnn?

- Sorry I dated myself...