Welcome | Sign In
CRMBuyer.com
Security

Tax Time Opens Phishing Season

Print Version
E-Mail Article
Reprints
Tax Time Opens Phishing Season

By John P. Mello Jr.
E-Commerce Times
Part of the ECT News Network
04/13/06 8:11 AM PT

"With the IRS, phishers are guaranteed a very large cohort of people that will care about their messages," said Peter Cassidy, director of research for the Anti-Phishing Work Group in Cambridge, Mass. "Someone may or may not have a relationship with an online retailer or bank that's being spoofed, but everyone has a relationship with the IRS."


Considering CRM solutions?
You first need to understand CRM best practices. Before committing to a CRM purchase and implementation, it's good to know the experience of those who have already "been there, done that." It can save time and prevent costly missteps. Download Free Research.

For anglers, spring is a time for removing the rod and reel from storage and heading to a lake or stream. For phishers of another kind, however, spring is the season for tax scams.

Phishing -- the use of phony e-mails and Web sites to obtain personal information about people -- has become such a problem for the U.S. Internal Revenue Service (IRS) that it recently set up an e-mail address, phishing@irs.gov, where taxpayers could send suspicious messages for review by G-men.

Pretty much any e-mail Increase Customer Sales with Email Marketing -- Free Trial from VerticalResponse claiming to come from the tax agency should be regarded with suspicion by its recipients, according to IRS spokesperson Eric Smith.

"The IRS doesn't do business that way," he told the E-Commerce Times. "We don't do unsolicited e-mail."

Offshore Scam Artists

The IRS reported a recent increase in phishing attacks, many of which originated outside the United States.

"To date," the IRS stated, "investigations by the treasury Inspector General for Tax Administration have identified sites hosting more than two dozen IRS-related phishing scams.

"These scam Web sites have been located in at least 20 different countries," it continued, "including Argentina, Aruba, Austria, Canada, Chile, England, Germany, Indonesia, Italy, Japan, Korea, Malaysia, Mexico, Poland, Singapore and Slovakia."

IRS Vulnerability

To some extent, the IRS has contributed to its phishing woes, according to Ron O'Brien, a senior security analyst for Sophos in Lynnfield, Mass.

"A phishing attack was discovered last November that was actually linking to the IRS Web site," he told the E-Commerce Times.

"What would happen is, you'd click on the link in the e-mail and it would appear to be the IRS Web site and it would automatically divert you to another page asking you for your social security number and such," he continued.

Opportunistic Criminals

While the vulnerability at the IRS Web site, which has been corrected, aided phishers, it isn't driving the tax scams, argued Bill Rosenkrantz, director of product management for consumer product and solution group at Symantec (Nasdaq: SYMC) in Santa Monica, Calif.

"The fact that taxes happen at the same time every year makes them a good target," he told the E-Commerce Times. "It's like New Year's Eve. Robbers know lots of people will be at parties, so it's a good time to break into houses."

Phishers are very opportunistic, he noted. They launched phishing campaigns around Hurricane Katrina relief and will launch bogus solicitations for political candidates during election years.

Phishers may also be quick to exploit publicized security breaches, Sophos' O'Brien added. Sophos is currently studying that subject, trying to determine whether phishing attacks on target audiences increase based on the connection of the audience to a security breach reported in the media.

Proven Methods

Tried and true techniques are being used in the IRS phishing attacks, according to Peter Cassidy, director of research for the Anti-Phishing Work Group in Cambridge, Mass.

"All these phishing scams follow two templates," he told the E-Commerce Times. "We need your intervention for something good to happen or some reward to come to you, or you need to help us intercede so something bad doesn't happen.

"With the IRS, phishers are guaranteed a very large cohort of people that will care about their messages," he continued. "Someone may or may not have a relationship with an online retailer or bank that's being spoofed, but everyone has a relationship with the IRS."

Safety Tips

Mike Ferraro, an agent in the Boston office of Geek Squad, a national computer service firm, offered some tips to avoid being hooked by phishers.

He recommended deleting all e-mails from unknown correspondents and ignoring all e-mail requests for personal information from institutions.

"Banks, the IRS and legitimate institutions won't contact you by e-mail for that kind of information," he told the E-Commerce Times.

If a request looks legitimate, Ferraro suggests calling the sender by phone to ensure legitimacy. "Don't use the phone number listed in the e-mail. Call a number you have for the company," he cautioned.

"Phishers will include a fake 800 number in their e-mail in case you don't click on the link to their Web site in their e-mail," he explained.

Print Version E-Mail Article Reprints More by John P. Mello Jr.

Talkback: Be the first to comment on this story.

More by John P. Mello Jr.

VMware Fuses Performance With Convenience
November 16, 2009
Fusion 3.0, the latest virtualization app from VMware that lets Mac users run Windows alongside OS X, puts an emphasis on performance. VMware built it specifically to leverage the 64-bit capabilities of Snow Leopard with a new 64-bit native engine. Its Migration Assistant for Windows lets Mac switchers recreate their old Windows PC inside a Mac, file by file. 		Mouse Meets Multi-Touch
November 09, 2009
Apple's latest peripheral, the Magic Mouse, takes the concept of multi-touch that the iPhone and iPod touch popularized and merges it with a button-free mouse. As one's mouse is a direct point of contact between human and machine, any changes made to it can be a divisive issue. Some users love the new abilities Magic Mouse brings to the table; others just can't stand the thing. 		Samsung Intrepid: Sleek Hardware Makes Up For Uncomfy OS
November 09, 2009
Samsung has built its Intrepid smartphone with a solid set of hardware. Its physical keyboard is comfortable for thumb-typing, and its camera sports a number of advanced features for a phone cam. The Windows Mobile 6.5 OS it's saddled with can be uncomfortable and unintuitive at times, but it may be at least a familiar interface for the business users the Intrepid targets.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> Inside CRM Buyer
CRM Buyer
E-Commerce Times
TechNewsWorld
LinuxInsider
MacNewsWorld
Today's CRM Buyer Sponsors
Vertical Response Email Marketing!
Sign up for your Free Trial today and send 100 emails on us!
Complimentary Webinar
How Much is 'Free' Costing You? DaveRamsey.com’s 567% ROI with Enterprise Analytics
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.