04:10 PM
Connect Directly

Phishing Campaign Targets Tax Rebate Checks

The phishing messages claim that the fastest way to receive one's economic stimulus tax rebate is through direct deposit and include a Web link to an online submission form.

The Internet Crime Complaint Center (IC3) on Thursday issued a warning about a phishing campaign designed to steal personal information from consumers using the promise of a tax rebate check as bait.

IC3 is jointly run by the Federal Bureau of Investigation, the National White Collar Crime Center, and the Bureau of Justice Assistance.

The phishing messages claim that the fastest way to receive one's economic stimulus tax rebate is through direct deposit. They include a Web link to an online submission form designed to steal submitted information from those fooled into believing that providing personal data will hasten the arrival of their tax rebate.

The IC3 includes a sample phishing message that purports to be from the Internal Revenue Service. It warns recipients that failure to submit information by May 10 may delay the promised funds.

In fact, the IRS is sending economic stimulus payments, ranging from $300 to $1,200, out to about 130 million U.S. households this month. But it's not sending anyone e-mail offering to hasten delivery through direct deposit of the funds.

"Consumers are advised that the IRS does not initiate taxpayer communications via e-mail," IC3 warns. "In addition, the IRS does not request detailed personal information via e-mail or ask taxpayers for the PIN numbers, passwords, or similar secret access information for their credit card, bank, or other financial accounts."

Furthermore, IC3 advises against opening e-mail from unknown senders or clicking on links in such messages.

According to the Anti-Phishing Working Group, 29,284 unique phishing reports were submitted to the organization in January, an increase of more than 3,600 from the previous month.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.