Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91806 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

New Twist in IRS Phishing Scams


  • Please log in to reply
4 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 28 February 2008 - 04:23 PM

FYI...

- http://asert.arborne...phishing-scams/
February 28, 2008 - "Earlier today I got a new phishing scam in my inbox, this one for the IRS. I’d love a tax refund, but I don’t think this is how they normally notify you. The lure email is shown... and is quite standard in its formatting. It even threatens you with criminal prosecution if you lie... This is a new twist in phishing attacks that can bypass the normal URL filtering bar for malicious sites. It requires that the mechanism that determines if it’s a phishing site recognize that EXEs can also be used in phishing. It makes sense that this would evolve, I suspect we’ll see more of this soon. I ran the sample through VirusTotal for an overview of the AV detection and saw that it’s not as well detected as it could be... In the time between getting this sample, notifying people, and analyzing the sample, it was shut down. Good."

(Screenshots available at the URL above.)

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 01 April 2008 - 05:53 AM

FYI...

More IRS scams...
- http://www.us-cert.g...rvice_tax_scams
updated April 1, 2008 - "US-CERT is aware of a series of email scams circulating that are related to the United States Internal Revenue Service. Attacks have been observed that use email to convince users to perform the following actions:
* open an email attachment containing bogus tax documents that are embedded with malicious code
* follow a link to an unofficial tax website that contains malicious code
* follow a link to an unofficial tax website that requests personal information from the users as part of a phishing attack
* call an unofficial phone number that requests personal information from the user as part of a phishing attack..." (Vishing)

:angry: :ph34r:

Edited by AplusWebMaster, 01 April 2008 - 07:33 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 03 April 2008 - 09:46 AM

FYI...

- http://blog.trendmic...e-their-voices/
April 2, 2008 - "This technique — more popularly (and creatively) known as “vishing” — uses the all-too-familiar spammed email message format as initial bait... This time, however, the striking difference from past phishing emails is that instead of a malicious URL, the message contains a number that users are encouraged to call for information on possible “tax refunds.” An automated voice recording answers queries and asks callers for sensitive information: credit card and social security numbers, for instance. The timeliness of this attack is evident as deadline for filing taxes is nearing. Users may have learned to not trust unknown links; this time Trend Micro advises users to be extra careful in disclosing information even to “customer service” numbers as well."

(Screenshots of the phishing/vishing emails available at the URL above)

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 04 April 2008 - 10:30 AM

FYI...

- http://isc.sans.org/...ml?storyid=4237
Last Updated: 2008-04-04 15:52:01 UTC - "With tax day getting closer in the U.S., the number of reports on related social engineering tricks are picking up as well. The e-mails are basically a re-hash of the Better Business Bureau scams that we covered a while back. As the e-mails still seem to be targeting mainly executives of a firm, the trick might still work. The current emails contain text in the style of

Dear [Name of Executive]
I am sorry but in order for [Name of Firm] to get a tax refund, all the fields must be completed.
Please complete the missing fields on the attached form and re-send it to me.

nicely adorned with bells&whistles to make it look like it really comes from the IRS. Another series uses the old "A tax complaint has been filed against you" line, which probably is less likely to get the Execs to click. But who doesn't want a refund... Thanks to all ISC readers who have sent samples of this scam over the past days."

:angry: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 09 April 2008 - 09:27 AM

FYI...

- http://blog.trendmic...minals-ramp-up/
April 8, 2008 - "...As expected, cyber criminals have renewed their illicit campaigns to bilk consumers of their money, but also infected them with malware intended to perpetrate identity theft. This sort of effort to fraudulently victimize consumers during the rush up the filing deadline (April 15th) of the U.S Tax season generally always shows up this time of year, but the social-engineering and sophistication continually evolves to ensnare as many victims as possible. This year is no exception. Earlier today, Trend Micro researchers began to receive reports of a new, targeted spam campaign which are specifically targeted to high-profile companies — some of them being Fortune 500 companies and U.S. Defense contractors — which would indicate that financial fraud is not the only intended goal of these criminals. Given their targets, they are possibly also looking to infiltrate high-profile companies for other, perhaps more insidious, reasons. The malicious spam messages all look similar to the image above, and all have a subject line that are identical in format, yet crafted for each individual company:

“Re:tax contract for [company name], Inc.”

The MS Word attachment harbors a Trojan (which Trend Micro will detect as TROJ_DELF.HAV), and if opened, tells the user that “…Microsoft Word has encountered an error and needs to close. Please double click the icon to reload…” — which will initialize the Trojan. Internet users are reminded that they should NEVER open unsolicited e-mail attachments..."

(Screenshot available at the URL above.)

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users