Welcome | Sign In
CRMBuyer.com
Security

Tax Time Opens Phishing Season

Print Version
E-Mail Article
Reprints
Tax Time Opens Phishing Season

By John P. Mello Jr.
E-Commerce Times
Part of the ECT News Network
04/13/06 8:11 AM PT

"With the IRS, phishers are guaranteed a very large cohort of people that will care about their messages," said Peter Cassidy, director of research for the Anti-Phishing Work Group in Cambridge, Mass. "Someone may or may not have a relationship with an online retailer or bank that's being spoofed, but everyone has a relationship with the IRS."


Considering CRM solutions?
You first need to understand CRM best practices. Before committing to a CRM purchase and implementation, it's good to know the experience of those who have already "been there, done that." It can save time and prevent costly missteps. Download Free Research.

For anglers, spring is a time for removing the rod and reel from storage and heading to a lake or stream. For phishers of another kind, however, spring is the season for tax scams.

Phishing -- the use of phony e-mails and Web sites to obtain personal information about people -- has become such a problem for the U.S. Internal Revenue Service (IRS) that it recently set up an e-mail address, phishing@irs.gov, where taxpayers could send suspicious messages for review by G-men.

Pretty much any e-mail Increase Customer Sales with Email Marketing -- Free Trial from VerticalResponse claiming to come from the tax agency should be regarded with suspicion by its recipients, according to IRS spokesperson Eric Smith.

"The IRS doesn't do business that way," he told the E-Commerce Times. "We don't do unsolicited e-mail."

Offshore Scam Artists

The IRS reported a recent increase in phishing attacks, many of which originated outside the United States.

"To date," the IRS stated, "investigations by the treasury Inspector General for Tax Administration have identified sites hosting more than two dozen IRS-related phishing scams.

"These scam Web sites have been located in at least 20 different countries," it continued, "including Argentina, Aruba, Austria, Canada, Chile, England, Germany, Indonesia, Italy, Japan, Korea, Malaysia, Mexico, Poland, Singapore and Slovakia."

IRS Vulnerability

To some extent, the IRS has contributed to its phishing woes, according to Ron O'Brien, a senior security analyst for Sophos in Lynnfield, Mass.

"A phishing attack was discovered last November that was actually linking to the IRS Web site," he told the E-Commerce Times.

"What would happen is, you'd click on the link in the e-mail and it would appear to be the IRS Web site and it would automatically divert you to another page asking you for your social security number and such," he continued.

Opportunistic Criminals

While the vulnerability at the IRS Web site, which has been corrected, aided phishers, it isn't driving the tax scams, argued Bill Rosenkrantz, director of product management for consumer product and solution group at Symantec (Nasdaq: SYMC) in Santa Monica, Calif.

"The fact that taxes happen at the same time every year makes them a good target," he told the E-Commerce Times. "It's like New Year's Eve. Robbers know lots of people will be at parties, so it's a good time to break into houses."

Phishers are very opportunistic, he noted. They launched phishing campaigns around Hurricane Katrina relief and will launch bogus solicitations for political candidates during election years.

Phishers may also be quick to exploit publicized security breaches, Sophos' O'Brien added. Sophos is currently studying that subject, trying to determine whether phishing attacks on target audiences increase based on the connection of the audience to a security breach reported in the media.

Proven Methods

Tried and true techniques are being used in the IRS phishing attacks, according to Peter Cassidy, director of research for the Anti-Phishing Work Group in Cambridge, Mass.

"All these phishing scams follow two templates," he told the E-Commerce Times. "We need your intervention for something good to happen or some reward to come to you, or you need to help us intercede so something bad doesn't happen.

"With the IRS, phishers are guaranteed a very large cohort of people that will care about their messages," he continued. "Someone may or may not have a relationship with an online retailer or bank that's being spoofed, but everyone has a relationship with the IRS."

Safety Tips

Mike Ferraro, an agent in the Boston office of Geek Squad, a national computer service firm, offered some tips to avoid being hooked by phishers.

He recommended deleting all e-mails from unknown correspondents and ignoring all e-mail requests for personal information from institutions.

"Banks, the IRS and legitimate institutions won't contact you by e-mail for that kind of information," he told the E-Commerce Times.

If a request looks legitimate, Ferraro suggests calling the sender by phone to ensure legitimacy. "Don't use the phone number listed in the e-mail. Call a number you have for the company," he cautioned.

"Phishers will include a fake 800 number in their e-mail in case you don't click on the link to their Web site in their e-mail," he explained.

Print Version E-Mail Article Reprints More by John P. Mello Jr.

Talkback: Be the first to comment on this story.

More by John P. Mello Jr.

McAfee Gives Enterprise Macs a Bodyguard
November 02, 2009
When it comes to Mac use in an enterprise environment, running third-party security software isn't just a matter of using an abundance of caution. It may also be a matter of complying with governance mandates and regulations. McAfee's new Endpoint Protection for the Mac targets enterprise systems handling large amounts of sensitive data. 		Adobe Elements Buffs Up for Mac
October 26, 2009
For the almost-but-not-quite pro photog, Adobe Photoshop Elements offers a collection of tools that go beyond most free offerings but don't dish out the wallet-busting feature overload of full Photoshop. In the past, some Mac users have been annoyed with Adobe for having versions of Elements ready for Windows months before they were out on Mac. With version 8, both platforms get their chance at the same time. 		GoToMyPC Gets Ready to Go to Your Mac
October 19, 2009
GoToMyPC has been a popular remote access product in Citrix's portfolio, and previous versions have allowed any Net-connected computer to remotely control a PC. A new version, soon to come out of beta and into full release, can access Macs as well. With the growth of both telecommuting and Macs in the enterprise, Citrix felt the time was right.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> Inside CRM Buyer
White Papers | Case Studies | Reports
eMarketer Whitepaper: Optimizing the E-Commerce Experience
Top 6 Tips to Quickly and Significantly Reduce Your Call Center Operations Cost
From Laid-Off to Entrepreneur: Launching a Web Biz on a Shoestring
The Year in Mac Security 2008
Entering European Markets: A Challenging but Real Opportunity
Peak Oil & Sustainability: CRM's Potential Impact and 10 Innovations CRM Vendors Should Consider
Rewriting the Startup Handbook
CRM Buyer
E-Commerce Times
TechNewsWorld
LinuxInsider
Today's CRM Buyer Sponsors
Complimentary Webinar
How Much is 'Free' Costing You? DaveRamsey.com’s 567% ROI with Enterprise Analytics
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.