Tax Attacks: Tech Thieves Target Online Tax Return Filers

Share Article

Websense Security Labs has discovered tax attacks targeting the U.S. in several countries outside of the U.S. hosted on compromised web servers. For example, one of the largest IRS phishing campaigns claims that the taxpayer is eligible for a refund and needs to log on to a website to verify their information. Users receive one of a variety of email messages with a link to a fraudulent website. Upon accessing the spoofed tax website, the user is then forwarded to a fraudulent site that requests credit card information and other personal identifiers. The intent of these attacks is to dupe users into revealing confidential information which can be used for withdrawing funds.

Cyber thieves sit back and wait for current events such as tax season which provide an opportunity to manipulate for monetary rewards

As the April 15th tax filing deadline approaches, cyber fraudsters are planning their attack on online tax filers to steal confidential information. Websense, Inc. (NASDAQ: WBSN), a global leader in web security and web filtering productivity software, today announced that Websense® Security Labs™ has seen a rise in phishing attacks via fraudulent emails and websites that spoof the Internal Revenue Service (IRS). Since December 2005, Websense Security Labs has been working together with the IRS and other organizations to investigate the rise of tax scams and better protect consumers and employee computing environments from increasingly sophisticated and dangerous internet security threats.

Websense Security Labs has discovered tax attacks targeting the U.S. in several countries outside of the U.S. hosted on compromised web servers. For example, one of the largest IRS phishing campaigns claims that the taxpayer is eligible for a refund and needs to log on to a website to verify their information. Users receive one of a variety of email messages with a link to a fraudulent website. Upon accessing the spoofed tax website, the user is then forwarded to a fraudulent site that requests credit card information and other personal identifiers. The intent of these attacks is to dupe users into revealing confidential information which can be used for withdrawing funds.

Phishing can present a serious security risk for consumers and organizations. Phishers are becoming more sophisticated in their deception techniques to lure employees to spoofed websites, as most employees cannot determine which is a genuine site and which is a fake. However, employees don’t have to “fall for the phish” and actually enter confidential information on a phishing website to be compromised. For example, recent trends indicate that by just visiting a website, many types of phishing URLs can install spyware, such as a malicious keylogger, which has the ability to capture data including network passwords or social security numbers without their knowledge. It only takes one employee to click on a phishing site and accidentally give out confidential corporate data, customer records, network passwords, or trade secrets, to jeopardize an entire organizations’ intellectual property.

“Cyber thieves sit back and wait for current events such as tax season which provide an opportunity to manipulate for monetary rewards,” said Dan Hubbard, senior director, security and technology research, Websense, Inc. “With tens of millions of online users filing their taxes on the internet, many web filers readily disclose personal identifiers such as network passwords, social security numbers, bank account numbers, or their mother’s maiden name. The combination of having a large pool of potential users to target and the timeliness of the current event could lead to high numbers of both consumer and corporate victims."

According to the IRS, 68.5 million tax returns were e-filed in 2005, and that number is predicted to increase at a record pace this year. The IRS also expects fraud attempts to rise and has published its own warnings in an attempt to educate the public on these scams. According to the IRS website, fraudulent emails appearing to come from the refunds@irs.gov, admin@irs.gov or other similar irs.gov themed addresses offer a tax refund and direct recipients to a link contained in the email. The link directs users to a clone of the IRS website that is modified to ask for personal and financial information not required by the real IRS page. Furthermore, through its own research, Websense Security Labs found that many of the sites have similar characteristics in their URL paths and include /IRS/claimrefund/caseid or /.http://www.irs.gov in the path.

Web filers can avoid tax attacks and other internet security threats by taking a few simple measures. For example, the IRS recommends not to click on any links in suspicious emails; instead go directly to the IRS web site (http://www.irs.gov).

In addition, companies seeking to protect their employees from phishing scams can employ Websense’s web filtering and web security software to prevent users from accessing sites associated with fraudulent online activities such as phishing. For enhanced internet security defense, the Websense Web Security Suite™ offers Real-Time Security Updates™ which provide real-time updates to the database as malicious events and websites are discovered, researched and categorized.

For more information, the original Websense Security Labs alert on IRS-related phishing scams contains screenshots of actual IRS phishing emails, please visit: http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=436.

About Websense Security Labs

Websense Security Labs discovers and investigates today's advanced internet threats and publishes its findings, enabling organizations to best protect employee computing environments from increasingly sophisticated and dangerous internet threats. With extensive internet and malicious code categorization expertise, Websense Security Labs provides research and delivers timely product and information updates to the security community and Websense customers to support them in making their infrastructure more secure. This includes, but is not limited to, the areas of malicious websites, phishing-based attacks, and other emerging threats associated with keylogging, spyware, instant messaging attachments, and corporate use of peer-to-peer applications. Websense Security Labs mines and analyzes more than 75 million sites daily for malicious mobile code (MMC) and hacks.

About Websense, Inc.

Websense, Inc. (NASDAQ:WBSN), a global leader in web security software, is trusted by more than 24,000 organizations worldwide. Websense proactively discovers and immediately protects against web-based threats such as spyware, phishing attacks, viruses and crimeware. With diverse partnerships and integrations, Websense complements our customers’ network and security environments.

© 2006, Websense, Inc. All rights reserved. Websense and Websense Enterprise are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All other Trademarks are the property of their respective owners.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Eric Polyn
Websense
858-320-9280
Email >
Visit website