Sophos

30 November 2005

Phishers send email posing as IRS tax refund

Link to legitimate government website bounces you into the hands of phishers

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned internet users of a phishing email which aims to steal from American taxpayers by posing as notification of a refund from the Internal Revenue Service (IRS). The phishers are taking advantage of a security configuration error on the real US Government website, which allows them to redirect visitors to a bogus website.

The email invites taxpayers to visit a website to collect their refund.

In an attempt to look more legitimate, the email tells users to cut-and-paste the link into their web browser rather than click directly on it. Although the link does use the genuine domain name of a real government website (www.govbenefits.gov), a mistake in the way the website has been set up bounces surfers to a bogus site run by the phishers.

The bogus benefits website asks for information from taxpayers.

"This phish tells you that the IRS owes you several hundred dollars, and offers you a web link from which you can allegedly claim your tax refund," said Graham Cluley, senior technology consultant at Sophos. "But the link in the email simply bounces you off a US Government website onto a site owned by the criminals, who are ready and waiting to steal your credit card details, Social Security Number and other personal information."

"This is more advanced than the typical phish, because the web link really does - at first - take you to the real tax benefit website. Unfortunately the way the government website has been configured allows the phishers to bounce the unwary in their direction instead. The phishers didn't need to hack into or compromise the government website to do this; the website has simply had this vulnerability on it all along," continued Cluley. "This is a salutary warning to every business and agency that runs a website to be very careful that it cannot be abused to bounce web surfers elsewhere."

Sophos reminds users to be wary of unsolicited emails, and has published information on how individuals can protect themselves against this and other online scams.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
