July 24, 2008The Mother of All IRS Refund Scams
After verifying that the destination of the link (to a free web hosting service) wasn't going to blow up my computer, I checked out the page in a web browser to see how this crook was going to try to pry personal identity info from visitors. In the past, IRS phishing scams have aimed at Social Security numbers (the primary way the IRS distinguishes one private citizen from another) and credit card data (where the refunds are supposedly to be credited—what a joke!).
The destination page, however, was not something I had seen before:
This one doesn't ask for any personal ID info on the landing page. Instead it presents a popup list of banks from which to choose where you want your refund posted (like the IRS offers for regular tax refunds):
When you click the Submit button, you are presented with a facsimile of the chosen bank's online banking login page, like this one:
Yes, friends, this guy had set up bogus login pages for every one of the banks in the list. In other words, by way of a single style of phishing message from an organization that would get every U.S. citizen's attention, this crook has found a way to phish for fourteen financial institutions! No more confusion for recipients who are, say, Bank of America customers but who receive a phishing message about Washington Mutual. One scam fits (nearly) all!
So, this really isn't an IRS scam. It's a Massively Multibank Online Phish, or MMOP for short.
To freehostia.com's credit, the entire site was taken down within a couple hours of my phishing message having been sent. A lot of work went into creating all that content—I mean, this guy had to rip off login screens from 14 bank web sites—so I fully expect the full package to resurrect itself elsewhere in the future. It seems that to Ben Franklin's precious list, "death and taxes," we must add "scammers."Posted on July 24, 2008 at 08:39 AM