Tax refund "phishing" scam


jokach
December 3rd, 2005, 01:06 PM
Apparently, CNN is reporting that there is a phisher scam being circulated that promises a tax refund, and oddly enough, it uses a loophole in the IRS's actual website to steal money from your bank account.

This is one to watch out for, it seems better organized and easier to fall for than the regular run-of-the-mill eBay or PayPal phisher site... take warning to NEVER click a link in an email.

Posted from:
http://money.cnn.com/2005/11/30/technology/irs_phishing.reut/


Security firm warns of IRS Web scam
'Phishing' scam promises a tax refund in e-mail before redirecting visitors to a phony Web site.
November 30, 2005: 5:39 PM EST
By Daniel Sieberg, CNN technology correspondent

ATLANTA (CNN) - A British-based Internet security firm is warning people about an e-mail that promises a tax refund from the U.S. Internal Revenue Service but could instead clean out their bank accounts.

This time, the scam artists are exploiting a loophole that's allegedly built into the real IRS Web site.

The e-mail, which started circulating a couple days ago, claims the recipient has only 12 days to claim a tax refund of $571.94 and that the necessary forms can be accessed through the IRS site. The fraudulent message says a refund can be delayed for any number of reasons, and encourages people to take action immediately.

So-called "phishing" e-mails look legitimate, often with corporate logos and language, and usually contain a hyperlink within the message steering people to a particular Web site. Once people arrive at that real-looking site (in this case, one designed to look like the IRS), they're asked to enter or update personal information like a Social Security number, mother's maiden name and credit card data.

Recent media stories have cautioned people not to click on links within e-mail messages. But this time, the phishers hope to lure people in by suggesting that the link can even be cut and pasted into a browser window. At first glance, the URL appears real -- an extension of the www.govbenefits.gov site. But typing the full fake link from scratch, even with the real "govbenefits.gov" domain, would yield the same result, taking people to the fake page.

Sophos, which tracks viruses, spyware and other malicious programs, says this scam works because of a vulnerability on the IRS Web site. Sophos says the phishers did not break or hack into the IRS site, but rather used its inherent design to "bounce" people from the real site to the fake one.

"The phishers are taking advantage of an apparent security configuration error on the real U.S. government Web site, which is allowing them to redirect visitors to a bogus Web site," writes Sophos in a news release.

This tactic is more advanced than a typical phishing scam since the link appears to send people to a real site.

"This is a warning to every business and agency that runs a Web site to be very careful that it cannot be abused to bounce Web surfers elsewhere," said Sophos' Graham Cluley.

But a representative for the IRS said in an e-mail that "the IRS technical staff has investigated and determined that IRS.gov is a secure site. Any Web vulnerabilities exploited by this scam are not caused by the IRS site."

The IRS representative also said no changes have been made to the site as a result of this scam, and that the agency stands by the site's integrity.

At this point, the fake IRS Web site has been taken down, though Cluley warns it could easily be resurrected at any time. He was unsure how many of these IRS phishing e-mails are circulating right now, but said the number is relatively small at this point. He does not know where it originated.

"Everyone loves the idea that the government owes them money," said Cluley. "Unfortunately, that's usually too good to be true."

The IRS said the agency does not send unsolicited e-mails, and people can call the IRS at 800-829-1040 to check the status of their accounts -- including any potential refunds.



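The mechanism the article describes, a trusted site that "bounces" visitors to wherever a link parameter points (an open redirect), as an added example that is not part of the original post and is not code from the IRS, govbenefits.gov or Sophos. The parameter name (`next`), the site origin, the allow-listed hosts and every sample URL are assumptions constructed for illustration; nothing here reproduces the actual link used in the scam. The vulnerable handler passes whatever it is given straight into the redirect, so a phishing mail can quote the real host and still land the victim on the fake page. The hardened handler accepts only same-origin paths or absolute HTTPS URLs whose host is on an allow-list, and rejects the usual bypasses: protocol-relative `//host`, the backslash variant `/\host`, `user@host` credentials, look-alike subdomains, and non-HTTP schemes.

```python
from urllib.parse import urlparse, urljoin

# Assumed values for illustration; the real site's origin, parameter name and
# redirect logic are not known from the article.
SITE_ORIGIN = "https://www.govbenefits.gov"
ALLOWED_HOSTS = {"www.govbenefits.gov", "govbenefits.gov"}
DEFAULT_LANDING = "/"


def vulnerable_redirect_target(next_param: str) -> str:
    """'Before': an open redirect. Whatever arrives in the (hypothetical)
    ?next= parameter becomes the Location header, so a link on the real host
    can send the browser to an attacker-controlled page."""
    return next_param


def safe_redirect_target(next_param: str) -> str:
    """'After': only same-origin paths or absolute HTTPS URLs on allow-listed
    hosts are honoured; anything else falls back to the default landing page."""
    if not next_param:
        return DEFAULT_LANDING

    # Browsers strip tabs, newlines and other control characters in ways that
    # defeat naive string checks; reject them outright rather than normalise.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in next_param):
        return DEFAULT_LANDING

    # Browsers treat "\" like "/" in the authority position, so "/\evil.example"
    # is really "//evil.example". Normalise before parsing so urlparse sees it.
    candidate = next_param.replace("\\", "/")
    parsed = urlparse(candidate)

    if parsed.scheme or parsed.netloc:
        # Absolute or protocol-relative URL: scheme must be https and the parsed
        # host must be exactly on the allow-list. urlparse().hostname already
        # strips "user@", ports and case, so "https://www.govbenefits.gov@evil.example/"
        # yields the host "evil.example" and is rejected.
        if parsed.scheme != "https" or parsed.hostname not in ALLOWED_HOSTS:
            return DEFAULT_LANDING
        return candidate

    # Scheme-less value: must be a single-slash, site-relative path, which is
    # then resolved against our own origin.
    if candidate.startswith("//") or not candidate.startswith("/"):
        return DEFAULT_LANDING
    return urljoin(SITE_ORIGIN, candidate)


# Constructed sample inputs: the kind of values an attacker would try in the
# redirect parameter, alongside two legitimate ones. ".example" is a reserved TLD.
SAMPLE_INPUTS = (
    "/refund-status",
    "https://www.govbenefits.gov/refund-status?id=12",
    "https://irs-refund.example/claim",
    "//irs-refund.example/claim",
    "/\\irs-refund.example/claim",
    "https://www.govbenefits.gov.irs-refund.example/claim",
    "https://www.govbenefits.gov@irs-refund.example/claim",
    "javascript:alert(document.cookie)",
    "http://www.govbenefits.gov/refund-status",
)


def audit(inputs=SAMPLE_INPUTS):
    """Return {input: (vulnerable_target, safe_target)} for each sample so the
    two behaviours can be compared side by side."""
    return {u: (vulnerable_redirect_target(u), safe_redirect_target(u)) for u in inputs}


if __name__ == "__main__":
    for url, (before, after) in audit().items():
        print(f"{url!r:58} open redirect -> {before!r:56} hardened -> {after!r}")
```

Only the two legitimate inputs survive the hardened check; every other sample collapses to the default landing page. The check fails closed: an unrecognised value never becomes a redirect. Many sites go one step further and drop the absolute-URL branch entirely, accepting only site-relative paths, which removes the host allow-list as a thing that can be misconfigured.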