Friday, July 14, 2006

IRS Renews Phishing Awareness Campaign

The IRS is reacting to recent phishing attempts, which are designed to steal people's personal information. Once stolen, this information is normally used in "identity theft" schemes, but they could be used by illegal immigrants (or in theory) terrorists.

In a recent release from the IRS site:

The IRS saw an increase in complaints in recent weeks about these e-mails, which are designed to trick the recipients into disclosing personal and financial information that could be used to steal the recipients’ identity and financial assets.

“The IRS does not send out unsolicited e-mails asking for personal information,” said IRS Commissioner Mark W. Everson. “Don’t be taken in by these criminals.”

The IRS has seen a recent increase in these scams. Since November, 99 different scams have been identified, with 20 of those coming in June – the most since 40 were identified in March during the height of the filing season.

Many of these schemes originate outside the United States. To date, investigations by the Treasury Inspector General for Tax Administration have identified sites hosting more than two dozen IRS-related phishing scams. These scam Web sites have been located in many different countries, including Argentina, Aruba, Australia, Austria, Canada, Chile, China, England, Germany, Indonesia, Italy, Japan, Korea, Malaysia, Mexico, Poland, Singapore and Slovakia, as well as the United States.

If you get any of these e-mails, the IRS requests that you forward them to I highly recommend that you do so - the IRS seems to be actively investigating them.

For the full news release: Click Here.

Here is a story from about illegal immigrants using people's personal information.

In another vein, here is a story (released in March by the Washington Post) about how tax preparers are trying to "legally" sell information from people's tax returns.

Sadly enough, my personal belief that the current "identity theft" crisis has (in part) been spawned by the mass gathering of people's personal information for marketing purposes.

Tuesday, July 11, 2006

Phishermen Using "Stop Fraud Now" Hook

Phishermen use all kinds of "lures." In this latest ploy (reported by Websense), they are even invoking the name of the FBI and the National White Collar Crime Center in their phishing scheme.

The problem is that anyone, who chooses to use their "free service," will become another "identity theft" statistic.

Here is the alert from Websense:

Websense® Security Labs™ has received reports of a new phishing attack that targets customers of Bank of America and various other banks. Users receive a spoofed email message, which claims that a new security program called SFN (Stop Fraud Now) has been launched. The program claims to provide protection against cloning of credit cards and asks users to provide details, such as Social Security Number, card number, and ATM Personal Identification Number (PIN). The message provides a link to a phishing website that requests users enter their personal information and account details.

The phishing site is hosted in Canada and was up at the time of this alert.

Phishing email:

Bank of America' in collaboration with ALL the banks around the world which offers services of transactions through the internet and not only and several institutions against frauds launched a revolutionary program called SFN (Stop Fraud Now)'.

By registering on SFN your card is protected 99.99%. You probably wonder why we say that the chances of suffering a loss are 0. The moment you register you will receive a code which contains an international unique code (IUC). This code arrives to the bank which your card was released from. This way your card can't be cloned without knowing this code. Only the issuer bank can reproduce your card in case you loose it or has been stolen. Also you have many options from your account. On-line assistance through chat or virtual phoning (skype) non-stop and also the possibility of blocking your account through the push of a button anytime you find anything suspicious about it. You can unblock it as easy after solving the issues. Another helpful option you can find it in the internet Online section. There you have two buttons On-line and Off-line which allows y! ou to keep your card off-line for transactions and to active it only when you wish to shop or make a transaction. We guarantee it's a 100% efficient and secure program and monitored 24 hours a day, 365 days a year.

Click here <> to see the list of banks which support SFN program

Click here <> to visit our website for more informations!

JOIN NOW FOR MORE PROTECTION!Your card no longer can be cloned! Your card is monitored non-stop for a period of 356 days preventing suspicious transactions on the internet but also from the bancomat!

You have free assistance from our team anytime you're unclear about our services! Once you created your account you can set your card to on-line or off-line for internet transactions! This option offers you 100% ASSURANCE that ONLY YOU are able to use the card for online transactions!

The chances of being a victim of a material loss is 0.01% and in the case supposing our system didn't work at the efficiency we promised, we guarantee 100% that your money will be recovered!This service is offered by Bank of America in association with European Central Bank and National Australian Bank The project is of federal nature and is protected by the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). It is 100% FREE !

For more information about this program visit our website

Bank of America
Electronic Banking Services
P.O. Box 37000
San Francisco, CA 94137

For the full Websense alert, link here.

My fantasy is that the FBI reaches across the border to the RCMP (Royal Canadian Mounted Police) and takes this one down!

This isn't the first time, the cybercriminals have used the name of the FBI:

The FBI Doesn't Notify People They Investigate

Monday, July 10, 2006

Phishermen Luring Victims with Google

Phishermen try to lure their victims with whatever is popular and there is no doubt "Google" is popular. Because of this, the phishermen are trying to tarnish Google's good name!
In November, Websense issued this alert:
Websense® Security Labs™ has received reports of a new phishing attack that targets users of Google's search engine. Users are redirected to a spoofed copy of Google's front page with a large message claiming "You WON $400.00 !!!". Users are presented with instructions for collecting their prize money. These instructions direct users to enter their credit card number and shipping address. Once the information has been collected, users are directed to Google's legitimate website.
This phishing site is hosted in the United States and was up at the time of this alert.
For the November version with screenshots, link here.
And today Websense released another version of this scam:
Users are shown a spoofed copy of the Gmail login page with a message claiming, "You WON $500.00!" The message states that this prize money will be delivered to an e-Gold, PayPal, StormPay, or MoneyBookers account of their choice. If users select an account, they are informed that this prize money is only available to "premium members" of "Gmail Games." The page states that "Gmail Games" membership requires an $8.60 registration fee, and then asks users to pay the registration fee or forfeit the $500 prize money. Users are directed to an actual payment site to deliver the registration fee.
This phishing site is hosted in the United States and was up at the time of this alert.
Sample Email Lure:*
*You won $500! Gmail congratulates you!* *CONGRATULATIONS!YOU WON $500!*Gmail gives members random cash prizes. Today, your account is randomly selected as the one of 12 top winners accounts who will get cash prizes from us. Please click the link below and follow instructions on our web site. Your money will be paid directly to your e-gold, PayPal, StormPay or MoneyBookers account.
Click here to get your prize:
The staff
For the alert with screenshots, link here.
The Phishermen will always try to use "trusted" names to further their misdeeds. Education is the best defense against Internet scams and sharing knowledge is something all of us can do!