CERT Warning: IRS Refund Phishing Scam
This CERT warning contains excellent information for users. Like banks, the IRS does not do official business using email messages. A copy of the warning is below; it provides a number of informative links on how to deal with phishing scams.
http://www.us-cert.gov/current/current_activity.html#irspham
QUOTE:
IRS Phishing Scam and Identity Theft
added January 3, 2007
US-CERT continues to receive reports of phishing scams that target online users. Most recently, users have reported receiving emails that appear to be from the Internal Revenue Service (IRS). The phishing email claims to offer a tax refund and requests users to click on a link to provide personal and possibly sensitive information. Identity thieves could use this information to further compromise unsuspecting victims.
A spokesperson for the IRS has confirmed that they do not solicit anything by email.
US-CERT reminds users to remain cautious when receiving unsolicited email that could be a potential phishing email. US-CERT encourages users to report phishing incidents based on the following guidelines:
- Federal agencies should report phishing incidents to US-CERT.
- Non-federal agencies and other users should refer to OnGuard Online, a consortium of federal agencies, for information on reporting phishing incidents.
CERT RECOMMENDATIONS - PREVENTION AND REPORTING TECHNIQUES
Additionally, users are encouraged to take the following measures to prevent phishing attacks from occurring:
- Do not follow unsolicited web links received in email messages.
- Contact your financial institution and file a complaint with the Federal Trade Commission (FTC) immediately if you believe your account or financial information has been compromised.
- Review FTC's web site on how to protect yourself from identity theft.
- Review the OnGuard Online practical tips to guard against Internet fraud, secure your computer, and protect your personal information.
- Refer to the US-CERT Cyber Security Tip on Avoiding Social Engineering and Phishing Attacks.
- Refer to the CERT Coordination Center document on understanding Spoofed/Forged Email.
Additional Links on IRS Refund Phishing Scam
http://www.hoax-slayer.com/irs-phishing-scam.html
http://www.irs.gov/newsroom/article/0,,id=154848,00.html
http://www.nydailynews.com/business/story/484500p-407884c.html
Castlecops Fried Phish reports (several)
http://www.castlecops.com/postlite173357-irs.html
IRS - Suspicious e-Mails and Identity Theft (EXCELLENT)
http://www.irs.gov/newsroom/article/0,,id=155682,00.html
HOW TO SUBMIT SAMPLES:
IRS: The IRS is collecting samples for analysis
email: phishing (at) irs (dot) gov
PIRT: www.castlecops.com is an excellent organization devoted to protecting users from phishing attacks
email: PIRT (at) castlecops (dot) com