Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Who Falls for This Crap? | Main | Loan/419 Hybrid »

March 14, 2006

The IRS Refund Phish

Like probably millions of others, I received a new phishing message that has been making the rounds. This scam claims to come from the U.S. Internal Revenue Service, complete with actual logo image from irs.gov. The message alerts "me" to the fact that I am owed an income tax refund in the amount of $63.80. Rather than cut a check (like they normally do, or direct deposit into your bank account that you supply when you file your tax forms), they will refund by depositing funds into your credit card account. Here's the message:

Phony I.R.S. Refund Message

When I first saw this message, I suspected the destination link was a malware loading page, but so far I don't see that. Only a typical phishing page that asks for your identity information:

Phony I.R.S. Refund Web Page

The source code of the Web page reveals that it uses style sheet and JavaScript files from the real irs.gov Web site. There are even instances of this "official-looking" notice:

<!-- ============================================================================== Copyright (c) 2001 Internal Revenue Service The US Government possesses the unlimited rights throughout the world for Government purposes to publish, translate, reproduce, deliver, perform, and dispose of the technical data, computer software, or computer firmware contained herein; and to authorize others to do so. ===================================================================== -->

But this page ain't from the I.R.S. No, it's hosted in China. In fact, it looks like a run-of-the-mill server hijacking, a tactic so common among phishers. According to the New York Post, the I.R.S. isn't very happy with this misuse of its good name, and is on the hunt for the scammers.

I wish the agency well. I really do.

Posted on March 14, 2006 at 08:19 AM