« Religion | Main | Signs, visual media »
Tuesday, April 01, 2008
IRS Phishing Update
Have you noticed any increase in your spam and junk mail lately? I just received this notice about a fake IRS phishing email that is going around. I have seen several of these in my junk mail folder but just emptied the folder without looking at it.
This info came to me in email from:
Lt. James “EMO” Tichacek, USN (Ret)
Director, Retiree Assistance Office, U.S. Embassy Warden & IRS VITA Baguio City, RP
http://post_119_gulfport_ms.tripod.com/rao1.html
IRS Phishing Update 02 (3000% Increase in JAN)
IRS Phishing Update 02: E-mails that fraudulently claim to be from the Internal Revenue Service to trick taxpayers into giving up personal information have increased significantly this tax season, according to the IRS and a security vendor. For two years, the IRS has warned consumers about the fraudulent use of the IRS name or logo in "phishing" attempts" in which criminals try to gain access to consumers' financial information to steal their identities and access banking accounts. In 2006, the agency established the e-mail address phishing@irs.gov for victims to report incidents along with guidelines on how to do this at http://www.irs.gov/privacy/article/0,,id=179820,00.html As of March of this year, almost 34,000 emails were identified as phishing attempts -- 611 in the first few months of 2008. Of those attempts that occurred in 2007, the IRS was able to trace the code from the e-mails back to 862 individual phishing schemes. But that number is likely just a small portion of the total. "This is a self reporting group," said IRS spokeswoman Michelle Lamishaw. "The group of people actually receiving them is much larger." The total number of phishing incidents that have occurred this tax season is difficult to estimate, and those vary according to the source. Internet security software vendor Secure Computing says the number of phishing Web sites targeting the IRS increased 3,000% in January compared to JAN 07. Secure Computing, based in San Jose CA declined to provide the specific number of phishing attempts, saying they are proprietary.
The company also reported an increase in the number of phishing Web sites that are targeting the Electronic Federal Tax Payment System. The majority were traced to locations in the United States. In terms of phishing attempts, Secure Computing identified 583 different fraudulent IP addresses sending e-mails on behalf of IRS.gov between 1 JAN and 5 FEB and more phishing scams in January than for all of the first six months of last year. "We're also noticing other sites that offer tax-related services getting targeted -- accountants and tax service businesses, for example," said Paula Greve, director of Web security research at Secure Computing. "These [scams are coming] at taxpayer citizens on all sides, gaining hold of their information." Phishing schemes have become more sophisticated, now including links that lead to fake but professionally designed Web sites and bogus interactive applications from the IRS. In one example, a link takes consumers to what appears to be the IRS "Where's My Refund" page, which asks taxpayers to check on the status of their tax refunds. The real IRS application asks for customers' Social Security number, filing status and the refund amount; the bogus page typically asks for additional personal information, including a bank account number.
Some phishing scams pull from current
events, such as claiming to relate to the economic stimulus package
approved by President Bush or targeting organizations that distribute
funds to other organizations or individuals. Often the scam e-mails
claim to be sent by the director of the exempt organization's area of
the IRS, asking recipients to click on a link to access a form that is
typically a phishing attempt or download information on tax law changes
that, in fact, downloads malicious code onto a taxpayer's computer that
then can take over the hard drive and access files containing personal
information. "Anybody can spoof a Web site," Lamishaw said. "It's not
that hard. They just capture all of the graphic elements and the font
and so on, and then manipulate the information and questions." No matter
how sophisticated the e-mail, Lamishaw warns consumers not to be fooled.
"IRS is not in the habit of sending unsolicited e-mails," particularly
those that ask for any account-related information. "The few e-mails we
send are of the newsletter sort -- where we're sending info to
stakeholders. No one should expect anything, no matter how legitimate it
looks."
[Source: GovExec.com newsletter 26 Mar 08 ++]
Technorati Tags:phishing,
email, irs
Generated
By Technorati
Tag Generator
