Customers of remote PC administration service Logmein.com and electronic signature provider Docusign.com are complaining of a possible breach of customer information after receiving malware-laced emails to accounts they registered exclusively for use with those companies. Both companies say they are investigating the incidents, but so far have found no evidence of a security breach.
Posts Tagged: irs
Scott Henry scoured the Web for a good deal on buying tax preparation software. His search ended at Blvdsoftware.com, which advertised a great price and an instant download. But when it came time to install the software, Henry began to have misgivings about the purchase, and reached out to KrebsOnSecurity for a gut-check on whether trusting the software with his tax information was a wise move.
Five days after Henry purchased the product, blvdsoftware.com vanished from the Internet.
Several red flags should have stopped him from making the purchase. Blvdsoftware.com claimed it had been in business since 2005, but a check of the site’s WHOIS registration records showed it was created in late October 2011. The site said that Blvdsoftware was a company in Beverly Hills, Calif., but the California Secretary of State had no record of the firm, and Google Maps knew nothing of the business at its stated address.
Henry said that in years past, he’d always bought a CD version of the software. But this year, he opted for digital download.
“I was going to download from Amazon — they sell a download-only version — and then I saw the cheaper site and went with them,” he said in an email. He installed the program, but said he didn’t enter any of his sensitive data. For one thing, he never received a license key from Blvdsoftware, and the program he installed didn’t request one. Now he’s wondering if the program was — at the very least pirated — and at worst — bundled with software designed to surreptitiously snoop on his computer.
Scammers typically kick into high gear during tax season in the United States, which tends to bring with it a spike in phishing attacks that spoof the Internal Revenue Service. Take, for example, a new scam making the rounds via email, which warns of discrepancies on the recipient’s income tax return and requests that personal information be sent via fax to a toll-free number.
A new phishing campaign that began sometime in the last 24 hours is made to look like it was sent from email@example.com, and urges recipients to fill out, print, and fax an attached PDF tax form. From the scam email:
*This is in reference to your 2010 U.S. Individual Income Tax Return we seem to have some discrepancies with your filing. If you have already filed for your 2010 tax refund please get hold of a new form 1040 and
mail it to the Department of the Treasury in your region.*
*If for any reason you have not yet filed for your 2010 Individual
Income Tax Return please print out the attached PDF form, fill it and
fax it to the IRS data center on (866) 513-7982 within 24 hours.*
*This has no bearing on your 2010 U.S. Individual Income Tax Return,
this to update our data and survey while we prepare to close the 2010
tax filing season.*
*Thank you *
That 866- phone number is currently returning a fast-busy signal, which suggests either that a lot of people are falling for this scam, or that anti-scammers are speed-dialing the number in a bid to prevent would-be victims from faxing in their forms. My guess is that this scam is tied to some kind of automated service that scans faxes and then emails the phishers copies of the scanned images.
It’s worth noting that the data requested in this bogus IRS form includes the Social Security number, e-File PIN and adjusted gross income, all of which are crucial pieces of information that the IRS uses to authenticate taxpayers.
The IRS has been careful to note that while it may conduct follow-up correspondence with taxpayers via email if the taxpayer chooses to communicate that way, it will never reach out to taxpayers via email. Consumers can report any tax-related phishing scams to firstname.lastname@example.org.
Criminals have launched an major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos.
According to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham, this latest attack appears to be an extension of a broad malware spam campaign that began at the end of May.
The fake IRS e-mails arrive with the tried-and-true subject line “Notice of Underreported Income,” and encourage the recipient to click a link to review their tax statement.
All of the latest e-mails use a variety of URL shortening services. For example, this shortened link (currently live and dangerous, and therefore neutered here)…
I have written a great deal about how organized cyber gangs in Eastern Europe drained tens of millions of dollars from the bank accounts of small- to mid-sized businesses last year. But new evidence indicates one of the gangs chiefly responsible for these attacks managed to hack directly into a U.S. bank last year and siphon off tens of thousands of dollars.
On July 30, 2009, at least five individuals across the United States each received an electronic transfer of funds for roughly $9,000, along with instructions to pull the cash out of their account and wire the funds in chunks of less than $3,000 via Western Union and Moneygram to three different individuals in Ukraine and Moldova.
The recipients had all been hired through work-at-home job offers via popular job search Web sites, and were told they would be acting as agents for an international finance company. The recruits were told that their job was to help their employers expedite money transfers for international customers that were — for some overly complicated reason or another — not otherwise able to move payments overseas in a timely enough manner.
The money was sent to these five U.S. recruits by an organized ring of computer thieves in Eastern Europe that specializes in hacking into business bank accounts. The attackers likely infiltrated the bank the same way they broke into the accounts of dozens of small businesses last year: By spamming out e-mails that spoofed a variety of trusted entities, from the IRS, to the Social Security Administration and UPS, urging recipients to download an attached password-stealing virus disguised as a tax form, benefits claim or a shipping label, for example. Recipients who opened the poisoned attachments infected their PCs, and the thieves struck gold whenever they managed to infect a PC belonging to someone with access to the company’s bank accounts online.