0 Replies Latest reply on Apr 24, 2008 7:42 AM by HarryWaldron

    New Phishing Scam - Uses upcoming IRS Stimulus Rebate to trick users

      :eek: The most recent Government Computer newsletter is warning of a new well-designed IRS phishing scam. This attack appears to related to the upcoming IRS rebates that are part of the 2008 Government Stimulus Package.

      While the email looks official and the social engineering is well done, it is important to recognize that the IRS and banks do not use email as a method of contacting individuals. They usually will call or conduct official business by mail only.

      Please avoid these attacks, as entering your bank account information into the realistic but false website could mean real losses of money from these criminals. It could also take months to clean up activity after an individuals credit or bank account information has been compromised.

      Phishing scam uses IRS rebate line to reel in victims
      http://www.gcn.com/online/vol1_no1/46153-1.html
      http://www.mxlogic.com/itsecurityblog/1/20...us-Payments.cfm
      http://mxlogic.com/itsecurityblog/1/2008/0...shing-Twist.cfm

      QUOTE: The tax filing season is past, the economic stimulus rebate season is upon us, and the phishers are changing their bait. The lure this time is the $600 rebate ($1,200 per household) that the Internal Revenue Service will begin sending to taxpayers in May and a supposed opportunity to speed up the process.

      E-mails purporting to be from the IRS are arriving in inboxes with instructions to recipients that if they visit the linked Web site and provide bank account and routing numbers their rebate can be deposited directly to the account more quickly. To add an element of urgency, the message includes a deadline — April 24 — for providing information, but that is likely to change.

      Right on cue we are starting to see phishing scams with an economic stimulus payment flavor. As we discussed in one of the IRS phishing scam blog entries we predicted that as the economic stimulus payment distribution got closer (currently scheduled to begin May 2nd based on the last two digits of your Social Security Number) we would start to see more scams around these payments. We are starting to see some of the first iterations of those scams today.



      EXAMPLE OF NEW PHISHING ATTACK:

      TO: ***************
      FROM: service@irs.gov
      SUBJECT: 2008 Economic Stimulus Refund.

      Over 130 million Americans will receive refunds as
      part of President Bush program to jumpstart the economy.

      Our records indicate that you are qualified to receive the
      2008 Economic Stimulus Refund.

      The fastest and easiest way to receive your refund is by
      direct deposit to your checking/savings account.

      Please click on the link and fill out the form and submit
      before April 24th, 2008 to ensure that your refund will be
      processed as soon as possible.

      Submitting your form on April 24th, 2008 or later means that
      your refund will be delayed due to the volume of requests we
      anticipate for the Economic Stimulus Refund.