Lust, Caution...Virus

Posted by Lance Koonce

It may sound like a public health warning, but apparently a late night with an illicit movie downloading site can leave you with a very nasty infection.

Continue Reading...

Tax Extension Deadline is Another Opportunity for Email Fraudsters

Posted by Lance Koonce

Yesterday, my accountant called me to let me know that my 2006 federal tax return was complete, and that I was getting a refund. He then confirmed that he would be filing the return electronically after we finished our call.

This morning, the following email showed up in my inbox:

From:              Internal Revenue Service []

To:                   Koonce, Lance

Subject:            IRS Notification - Tax refund

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $249.30
Please submit the tax refund request and allow us 3-6 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Internal Revenue Service

© Copyright 2007, Internal Revenue Service U.S.A. All rights reserved.

Now, I knew my refund was not for $249.30, unless my accountant did some seriously bad math.  But the proximity of the email after the e-filing almost convinced me this was legit. 

Continue Reading...

Think You're Safe?

Posted by Angela Kang and Jennifer Small

The latest RSA Monthly Fraud Report warns of a new “plug-and-play” phishing kit that can install a phishing site within two seconds. Creating a phishing site is now as easy as installing a “.exe” file. If that doesn’t ring any alarm bells, McAfee Avert Labs reports a 784% increase in phishing sites in the first quarter of 2007, with no slowdown in sight.

Continue Reading...

Internet Scams Target Car Buyers and Sellers

Posted by Brian Bennett

Experts say that scam artists are targeting just about every internet web site for automobile sales. Warning signs that consumers should watch out for are:

1) the seller or buyer won't provide contact information, or the information doesn't check out;

2) the transaction involves a money wire or illegitimate escrow account; or

3) the deal sounds too good to be true.

Perhaps most important to keep in mind is that once you have given your account information, your money is gone.

Chinese Bank Network Involved in New Phishing Tactic

Posted by Peter Mucklestone and Stuart Louie

As recently reported by Gregg Keizer at TechWeb News, Netcraft, a U.K.-based internet monitoring company recently uncovered the unauthorized use of China Construction Bank Corp.'s servers by online criminals to host "spoofed sites" in order to dupe customers of American banks and online retailers. China Construction Bank Corp. is one of China's "Big Four" state-owned banks with more than 14,200 branches across China.

Continue Reading...

Congratulations, You're Entitled to a Refund . . . Now Hand Me Your Wallet

Posted by Lance Koonce

Perhaps I'm just cynical, but if the Internal Revenue Service sends me an email notice today saying that I have unexpectedly received a refund on my taxes, I will not rush out and start start shopping for that new car just yet. (Of course, maybe that's because my taxes are never done until April 15th, so anything I receive from the IRS this early is clearly a fraud.)

But the IRS is not laughing at the surge in email phishing attempts designed to prey on people's tendency to trust official-looking communications from the federal government.

Continue Reading...

Need Another Reason to Hate Tax Season?

Posted by Merrill Baumann

It's axiomatic that wherever large sums of money are changing hands, there will be scams seeking a piece of the action... and tax collecting is no exception. Not surprisingly, the IRS warns that numerous phishing scams abound, where the perpetrator asks for confidential information in exchange for tax refunds or some other benefit. So how do you protect yourself against these fraudsters? One of this biggest weapons is common sense. Legitimate commercial outfits no longer request confidential financial information by unsolicited emails. And in many contexts, including the IRS, simply ask yourself: Why are they asking for this information? Don't they already have it?

Phishing Scams Continue to Rise

Posted by Kraig Baker

Gartner reports that phishing attacks grew 28% from May 2004 to May 2005. Almost 2.5 million people reported losing money because of phishing attacks (and that's just those that admitted to it) to the tune of $929 Million and 11 million people clicked on a phishing e-mail. Despite the increase, it doesn't appear to me that phishing attacks have gotten that much more sophisticated. I think this is an outgrowth of people's general fear of computers and gullibility with respect to the written word. People who fall victim to phishing are undoubtedly the same people who used to forward the Bill Gates chain letter.

Continue Reading...

The Governator: Hasta La Vista, Phishers

Posted by Lance Koonce

On Friday, Governor Arnold Schwarzenegger signed California Senate Bill 355, the Anti-Phishing Act of 2005, which makes phishing schemes illegal in California. The legislation states that "[i]t shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business."

Continue Reading...

MMORPG Phishing Scams

As an update to our previous post on the keylogger worm that attempts to steal account data from players of Massively Multiplayer Online Role Playing Games, an interesting report at Terra Nova about a phishing scam designed to steal the same type of info.

Posted by Lance Koonce

Phishing in the Wake of Katrina

Looters are apparently not to the only persons seeking to benefit from the misery of others. The Salt Lake Tribune recently reported increasing incidents of phising in the wake of Hurricane Katrina. Within hours after Katrina devastated much of New Orleans, a flurry of Katrina-related domain name registrations were reported; many thought to be linked to bogus charities and fund-raising cons. (Example of possible phishing site described here). On eBay, sellers are auctioning Katrina-related domain names "promising" to donate a portion of the proceeds of the sale to flood relief efforts. Even the large financial markets are not immune.

Continue Reading...

Employers Educate their Employees about Phishing . . . by Posing as Phishers

In an attempt to battle against the neverending surge of phishing attacks, some employers have taken the unusual measure of devising and sending their own fake emails to employees.

Continue Reading...

Beyond Phishing: Pharming and Crimeware Attacks

In a recent study conducted by the Anti-Phishing Working Group, a global association of ISPs, banks, law enforcement agencies and other concerned parties, it was noted that incidents of phishing (or the use of fraudulent emails to dupe people into sharing personal information such as back account passwords, PIN number and/or credit card information), while still rampant on the internet, are increasing at a slower rate.

Continue Reading...

ATM Card Phishing

A report issued August 2, 2005, by Gartner, Inc. describes how thieves have stolen more than $2.75 billion by using phishing scams to obtain debit card account numbers and PINs from unsuspecting consumers. The thieves use the account numbers to create fake cards, then use the cards and PINs to drain consumers' accounts, leaving consumers to deal with the bounced checks and the banks to reimburse the victims, as described in more detail here. The debit cards of some banks, such as Bank of America, are not targets because the banks take advantage of a second track on the magnetic strips on their cards to embed additional security codes that consumers -- and therefore data phishing thieves -- don't know about. Banks whose debit cards have been hard hit by these attacks have begun using the second track on the magnetic strips on their cards and have beefed up their security codes in order to prevent the attacks.

Posted by Randy Gainer