4 replies to this topic

[AplusWebMaster]

FYI...

- http://asert.arborne...phishing-scams/
February 28, 2008 - "Earlier today I got a new phishing scam in my inbox, this one for the IRS. I’d love a tax refund, but I don’t think this is how they normally notify you. The lure email is shown... and is quite standard in its formatting. It even threatens you with criminal prosecution if you lie... This is a new twist in phishing attacks that can bypass the normal URL filtering bar for malicious sites. It requires that the mechanism that determines if it’s a phishing site recognize that EXEs can also be used in phishing. It makes sense that this would evolve, I suspect we’ll see more of this soon. I ran the sample through VirusTotal for an overview of the AV detection and saw that it’s not as well detected as it could be... In the time between getting this sample, notifying people, and analyzing the sample, it was shut down. Good."

(Screenshots available at the URL above.)

[AplusWebMaster]

FYI...

More IRS scams...
- http://www.us-cert.g...rvice_tax_scams
updated April 1, 2008 - "US-CERT is aware of a series of email scams circulating that are related to the United States Internal Revenue Service. Attacks have been observed that use email to convince users to perform the following actions:
* open an email attachment containing bogus tax documents that are embedded with malicious code
* follow a link to an unofficial tax website that contains malicious code
* follow a link to an unofficial tax website that requests personal information from the users as part of a phishing attack
* call an unofficial phone number that requests personal information from the user as part of a phishing attack..." (Vishing)

Edited by AplusWebMaster, 01 April 2008 - 07:33 PM.

[AplusWebMaster]

FYI...

- http://blog.trendmic...e-their-voices/
April 2, 2008 - "This technique — more popularly (and creatively) known as “vishing” — uses the all-too-familiar spammed email message format as initial bait... This time, however, the striking difference from past phishing emails is that instead of a malicious URL, the message contains a number that users are encouraged to call for information on possible “tax refunds.” An automated voice recording answers queries and asks callers for sensitive information: credit card and social security numbers, for instance. The timeliness of this attack is evident as deadline for filing taxes is nearing. Users may have learned to not trust unknown links; this time Trend Micro advises users to be extra careful in disclosing information even to “customer service” numbers as well."

(Screenshots of the phishing/vishing emails available at the URL above)

[AplusWebMaster]

FYI...

- http://isc.sans.org/...ml?storyid=4237
Last Updated: 2008-04-04 15:52:01 UTC - "With tax day getting closer in the U.S., the number of reports on related social engineering tricks are picking up as well. The e-mails are basically a re-hash of the Better Business Bureau scams that we covered a while back. As the e-mails still seem to be targeting mainly executives of a firm, the trick might still work. The current emails contain text in the style of

Dear [Name of Executive]
I am sorry but in order for [Name of Firm] to get a tax refund, all the fields must be completed.
Please complete the missing fields on the attached form and re-send it to me.

nicely adorned with bells&whistles to make it look like it really comes from the IRS. Another series uses the old "A tax complaint has been filed against you" line, which probably is less likely to get the Execs to click. But who doesn't want a refund... Thanks to all ISC readers who have sent samples of this scam over the past days."

[AplusWebMaster]

FYI...

- http://blog.trendmic...minals-ramp-up/
April 8, 2008 - "...As expected, cyber criminals have renewed their illicit campaigns to bilk consumers of their money, but also infected them with malware intended to perpetrate identity theft. This sort of effort to fraudulently victimize consumers during the rush up the filing deadline (April 15th) of the U.S Tax season generally always shows up this time of year, but the social-engineering and sophistication continually evolves to ensnare as many victims as possible. This year is no exception. Earlier today, Trend Micro researchers began to receive reports of a new, targeted spam campaign which are specifically targeted to high-profile companies — some of them being Fortune 500 companies and U.S. Defense contractors — which would indicate that financial fraud is not the only intended goal of these criminals. Given their targets, they are possibly also looking to infiltrate high-profile companies for other, perhaps more insidious, reasons. The malicious spam messages all look similar to the image above, and all have a subject line that are identical in format, yet crafted for each individual company:

“Re:tax contract for [company name], Inc.”

The MS Word attachment harbors a Trojan (which Trend Micro will detect as TROJ_DELF.HAV), and if opened, tells the user that “…Microsoft Word has encountered an error and needs to close. Please double click the icon to reload…” — which will initialize the Trojan. Internet users are reminded that they should NEVER open unsolicited e-mail attachments..."

(Screenshot available at the URL above.)