New phishing e-mail victimizing taxpayers

New phishing e-mail victimizing taxpayers

An England based Internet security agency has cautioned taxpayers against malicious emails that have been tricking people into divulging critical details about their bank accounts, credit cards and social security.

According to Sophos, a British company that tracks Internet malware, the week-old phishing scam (as it is referred to in technical parlance) tells a taxpayer that he/she is entitled to a tax refund of $571 and has only 12 days left to claim it. It also gives reasons why the refund could have been missed by the taxpayer. It then encourages the taxpayer to access and fill a form.

It provides a link which looks like an extension of the official website of Internal Revenue System (IRS). But the address directs the victim to a phony site which resembles the IRS site. “This phish tells the user that the IRS owes them several hundred dollars and offers a Web link from which they can allegedly claim the tax refund,” reads a warning posted on the Sophos website.

“The phishers are taking advantage of an apparent security configuration error on the real U.S. government Web site, which is allowing them to redirect visitors to a bogus Web site,” reads the news release by Sophos. But IRS refutes the claim that there are any faults in its website. “Any Web vulnerabilities exploited by this scam are not caused by the IRS site,” said a representative of the government agency in an e-mail.

The most devious thing about the scam is that even if the victim types in or cuts and pastes the given web address it leads to the counterfeit site. “This is a pretty clever scam. A lot of people have learned to be nervous about clicking on links, so people may think that by typing in or pasting the link they will be safer, when of course that's not the case.” said Graham Cluley, Senior Technology Consultant at Sophos.