Friday, September 01, 2006

How to Deal with Phishing - A Major Cause of Identity Theft

There has been a lot of publicity about the IRS being phished. Phishing is a ploy to steal people's personal information, which is then used to commit identity theft.

Phishing attempts disguise themselves as government agencies, financial institutions, charitable organizations AND (too frequently), eBay or PayPal.

Here is an obvious phish, I got just this morning:

Date: Thu, 31 Aug 2006 20:01:26 -0500
To: tedrichardson9925@sbcglobal.net
Subject: Tax Information - tedrichardson9925@sbcglobal.net - (Code 7624-6263)
From: "IRS.gov" service@IRS.gov






Account : tedrichardson9925@sbcglobal.net Number : 7624

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $191,40. Please submit the tax refund request and allow us 5-7 days in orders to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records of applying after the deadline.

To access the form for your tax refund, please (link removed).

Regards,

Internal Revenue Service

Note that this appears to be sent from "IRS.gov" service@IRS.gov, which is obviously a "spoofed" e-mail address.

Here is the web address - which I removed above:

http://rds.yahoo.com/_https://sa1.www4.irs.gov/irfof/
lang/en/irfofgetstatus.jsp?6263/**http://www.abandonship.com/g2data/irs/.

An easy way to get the web address is to "hover" your mouse over the "click here" and read what comes up on the bottom of the screen. You can also copy it (if you want) by "left clicking" on your mouse and clicking on the "copy shortcut" bar.

Here is the web address of the real IRS site:

http://www.irs.gov/

Not a good match and obviously a phish.

*Please note that unless you and your "system" are "bulletproof" never click, or go to a phishing site. There is a possibility that by doing so you might "unknowingly" download malware, which can also lead to "identity theft."

Never fear, there are great places - with "bulletproof" protection - that will take care of it for you.

If you get a phishy e-mail - you can turn it into "fried phish" by sending it to the good folks at PIRT-Phishing Incident Reporting and Termination Squad. They have a module to report "suspected phishing activity," or you can forward the "suspected phish" to PIRT@Castlecops.com.

PIRT is a joint venture by CastleCops and Sunbelt Software - and they will report it to the right people, including law enforcement.

The IRS also has a dedicated e-mail address to report IRS phishing attempts, phishing@irs.gov.

Reporting the Phishermen is a kind thing - this foul activity causes people a lot of pain and suffering.

4 comments:

Gary said...

Hi Ed.

I'd just add a very small rider to your item: please don't bother reporting phish unless you are quick, i.e. within say half an hour of the thing arriving in your inbox. After that time, your phishing report will just add to the tide of reports that arrive after a major phisher spam goes out. There is value in being the first to report, not the last.
[And I'll add a rider to my rider! If you have been hit by a spear-phish - a very narrowly targeted phish - then you should report it as few if any others will have go it. And no, I can't give you a fool-proof method to distinguish phish from spear-phish :-( ]

Anonymous said...

typo/error in "An easy way to get the web address" NOT LEFT-CLICKING - this takes you to the site! Should say "right-clicking". (Hope I cut my connection fast enough. - I wondered what you meant and should have wondered a bit more before following the directions.)

Anonymous said...

typo/error in "An easy way to get the web address" NOT LEFT- CLICKING! Should say right-clicking.

Anonymous said...

Unfortunately, most people will not know to who or where to report this, thats if they realize that this is not legit. Thousands of people will be fooled. The media needs to be involved to tell the public what to do and do it fast.