Advertisement
<a href="http://krebsonsecurity.com/irs-scam-phishing-by-fax/?administer_redirect_13=http://abaca.com/free_trial.html"><img src="/a-ab/missing.gif" /></a>
  • About the Author
  • About this Blog

    • Posts Tagged: irs

    A Little Sunshine / Latest Warnings / Web Fraud 2.012 Comments
    29
    Mar 11

    IRS Scam: Phishing by Fax

    Scammers typically kick into high gear during tax season in the United States, which tends to bring with it a spike in phishing attacks that spoof the Internal Revenue Service.   Take, for example, a new scam making the rounds via email, which warns of discrepancies on the recipient’s income tax return and requests that personal information be sent via fax to a toll-free number.

    A new phishing campaign that began sometime in the last 24 hours is made to look like it was sent from irs@irsonline.gov, and urges recipients to fill out, print, and fax an attached PDF tax form. From the scam email:

    *This is in reference to your 2010 U.S. Individual Income Tax Return we seem to have some discrepancies with your filing. If you have already filed for your 2010  tax refund please get hold of a new form 1040 and
    mail it to the  Department of the Treasury in your region.*

    *If for any reason you have not yet filed for your 2010  Individual
    Income Tax Return please print out the attached PDF form, fill it and
    fax it to the IRS data center on (866) 513-7982 within 24 hours.*

    *This has no bearing on your 2010 U.S. Individual Income Tax Return,
    this to update our data and survey while we prepare to close the 2010
    tax filing season.*

    *Thank you *

    That 866- phone number is currently returning a fast-busy signal, which suggests either that a lot of people are falling for this scam, or that anti-scammers are speed-dialing the number in a bid to prevent would-be victims from faxing in their forms. My guess is that this scam is tied to some kind of automated service that scans faxes and then emails the phishers copies of the scanned images.

    It’s worth noting that the data requested in this bogus IRS form includes the Social Security number, e-File PIN and adjusted gross income, all of which are crucial pieces of information that the IRS uses to authenticate taxpayers.

    The IRS has been careful to note that while it may conduct follow-up correspondence with taxpayers via email if the taxpayer chooses to communicate that way, it will never reach out to taxpayers via email. Consumers can report any tax-related phishing scams to phishing@irs.gov.

    A Little Sunshine / Latest Warnings41 Comments
    9
    Jun 10

    ZeuS Trojan Attack Spoofs IRS, Twitter, Youtube

    Criminals have launched an major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos.

    According to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham, this latest attack appears to be an extension of a broad malware spam campaign that began at the end of May.

    The fake IRS e-mails arrive with the tried-and-true subject line “Notice of Underreported Income,” and encourage the recipient to click a link to review their tax statement.

    All of the latest e-mails use a variety of URL shortening services. For example, this shortened link (currently live and dangerous, and therefore neutered here)…

    Continue reading →

    Target: Small Businesses25 Comments
    13
    Jan 10

    Money Mules Helped to Rob W. Va. Bank

    I have written a great deal about how organized cyber gangs in Eastern Europe drained tens of millions of dollars from the bank accounts of small- to mid-sized businesses last year. But new evidence indicates one of the gangs chiefly responsible for these attacks managed to hack directly into a U.S. bank last year and siphon off tens of thousands of dollars.

    On July 30, 2009, at least five individuals across the United States each received an electronic transfer of funds for roughly $9,000, along with instructions to pull the cash out of their account and wire the funds in chunks of less than $3,000 via Western Union and Moneygram to three different individuals in Ukraine and Moldova.

    The recipients had all been hired through work-at-home job offers via popular job search Web sites, and were told they would be acting as agents for an international finance company. The recruits were told that their job was to help their employers expedite money transfers for international customers that were — for some overly complicated reason or another — not otherwise able to move payments overseas in a timely enough manner.

    The money was sent to these five U.S. recruits by an organized ring of computer thieves in Eastern Europe that specializes in hacking into business bank accounts. The attackers likely infiltrated the bank the same way they broke into the accounts of dozens of small businesses last year: By spamming out e-mails that spoofed a variety of trusted entities, from the IRS, to the Social Security Administration and UPS, urging recipients to download an attached password-stealing virus disguised as a tax form, benefits claim or a shipping label, for example. Recipients who opened the poisoned attachments infected their PCs, and the thieves struck gold whenever they managed to infect a PC belonging to someone with access to the company’s bank accounts online.

    Continue reading →