IRS e-mail is ID Theft ploy (repost)

Too many obligations, too little time. When it rains, it pours. Etc. and so forth. And so today I must re-post a prior article. This article on e-mail security –and “phishing”– appeared quite recently, but it is tax season and the advice contained is important; so,…

The bad guys just keep getting better and better at what they do, and it is up to us to become ever more alert, wary, and defensive. Regular readers of this series will be aware of “phishing” e-mails, but for a quick recap; phishing e-mails are generally spam (unsolicited) messages containing a “hyperlink” (a click-able link to a website), and the link takes you to the spammer’s/hacker’s malicious website. The idea is (usually) to get you to enter information, which the bad guy can then use to fraudulently pass themselves off as you.. this is a type of Identity Theft.
(Folks, if you haven’t read Wikipedia’s page on phishing, may I suggest that you do? It is very enlightening and interesting. I have included a link in the second sentence– click on the [blue] word phishing.)

The odds are very, very good that you, Dear Reader, have already received –and recognized– a phish. Perhaps it was an <URGENT> email from some bank stating that “your information needed updating”.. and that you needed to hurry, hurry, hurry and do something about it.
Only, you have never banked at that particular bank.
(My example is often used for Pay Pal phishes, as well.)

There is a new phish that is aimed at those folks who are waiting for their tax rebate, and this phish is very well done. None of the ‘give-it-away’ amateurish typos and poor grammar are there; the page mimics the real site very well, and sometimes, the e-mail contains your name.
This is from a report by Message Labs:

“Spammers are taking advantage of the approaching tax season with a new outbreak of fraudulent e-mails about taxes. These fraudulent tax related e-mails appear to come from the IRS’s Web site, http://www.irs.gov/, but is actually a fake site hosted by spammers on domains originating in Russia and other former Soviet countries.
“They are working to convince consumers that these e-mails are real by making it seem like a real IRS site,” said Paul Wood, senior analyst at MessageLabs.

All links within these e-mails go to two or three phishing pages. If a recipient clicks on the link and completes the form requesting personal and financial information, the site then redirects to the actual IRS Web site.

“Some of these e-mails we’ve intercepted have a person’s name in them. Having these kinds of personal details make it more convincing,” Wood added.

I would like to remind you, Dear Reader, that reputable institutions do not use e-mail to notify you of “strange account activity”, nor to get you to “update your information”. The IRS is no exception.
I would also like to take this opportunity to remind you not to click on links you receive in e-mails, but to Copy >Paste the link into your browser’s address bar… and if the e-mailed link was unexpected and unsolicited, don’t even do that.

I also recommend you turn on your browser’s phishing filter if you haven’t already done so. My How To is here, https://techpaul.wordpress.com/2008/01/18/phishing-phraud/.

Today’s free link: As my loyal readers know, I like to play games on my computer from time-to-time. While drag racing is not really my thing, I did have fun with the online game Street Challenge. If you’re into fast cars and you like going for the checkered flag, check this game out.

Copyright 2007-8 © Tech Paul. All rights reserved.

Share this post :

March 5, 2008 - Posted by techpaul | advice, computers, how to, PC, Phishing, privacy, security, spam and junk mail, tech | hyperlinks in e-mail, IRS phish